Fix overflow when using Long.MAX_VALUE as leeway

[jmerle]

Changes

Recently I tried to set the leeway of the JWT verifier to Long.MAX_VALUE to do some local debugging where the token being expired didn't matter. Unfortunately the verifier crashed with a long overflow when I ran it. The alternative was to set the leeway to a large, but not too large value. Nonetheless, this PR fixes the overflow as I believe it to be a bug.

Previous exception on the new shouldValidateExpiresAtWithMaxLeeway:

Instant exceeds minimum or maximum instant
java.time.DateTimeException: Instant exceeds minimum or maximum instant
	at java.base/java.time.Instant.create(Instant.java:411)
	at java.base/java.time.Instant.ofEpochSecond(Instant.java:330)
	at java.base/java.time.Instant.plus(Instant.java:928)
	at java.base/java.time.Instant.plusSeconds(Instant.java:878)
	at java.base/java.time.Instant.plus(Instant.java:855)
	at java.base/java.time.Instant.minus(Instant.java:978)
	at java.base/java.time.Instant.minus(Instant.java:207)
	at java.base/java.time.Duration.subtractFrom(Duration.java:1137)
	at java.base/java.time.Instant.minus(Instant.java:954)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertInstantIsFuture(JWTVerifier.java:359)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertValidInstantClaim(JWTVerifier.java:344)
	at com.auth0.jwt.JWTVerifier$BaseVerification.lambda$addMandatoryClaimChecks$17(JWTVerifier.java:308)
	at com.auth0.jwt.JWTVerifier$BaseVerification$1.verify(JWTVerifier.java:412)
	at com.auth0.jwt.JWTVerifier.verifyClaims(JWTVerifier.java:489)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:471)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:452)
	at com.auth0.jwt.JWTVerifierTest.shouldValidateExpiresAtWithMaxLeeway(JWTVerifierTest.java:695)

Previous exception on the new shouldValidateNotBeforeWithMaxLeeway:

long overflow
java.lang.ArithmeticException: long overflow
	at java.base/java.lang.Math.addExact(Math.java:848)
	at java.base/java.time.Instant.plus(Instant.java:924)
	at java.base/java.time.Instant.plusSeconds(Instant.java:878)
	at java.base/java.time.Instant.plus(Instant.java:855)
	at java.base/java.time.Instant.plus(Instant.java:207)
	at java.base/java.time.Duration.addTo(Duration.java:1102)
	at java.base/java.time.Instant.plus(Instant.java:787)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertInstantIsLessThanOrEqualToNow(JWTVerifier.java:363)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertValidInstantClaim(JWTVerifier.java:349)
	at com.auth0.jwt.JWTVerifier$BaseVerification.lambda$addMandatoryClaimChecks$18(JWTVerifier.java:310)
	at com.auth0.jwt.JWTVerifier$BaseVerification$1.verify(JWTVerifier.java:412)
	at com.auth0.jwt.JWTVerifier.verifyClaims(JWTVerifier.java:489)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:471)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:452)
	at com.auth0.jwt.JWTVerifierTest.shouldValidateNotBeforeWithMaxLeeway(JWTVerifierTest.java:767)

References

N/A

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

• This change adds test coverage
• This change has been tested on the latest version of Java or why not

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All existing and new tests complete without errors