Update default LTI keys

[nwalters512]

The default keys used a short key length and outdated algorithm, which made them incompatible with newer LTI tools.

I also updated the instructions for generating new keys; the old instructions don't work (see #1861). I copied the call from here:

canvas-lms/gems/canvas_security/lib/canvas_security/key_storage.rb

Lines 34 to 36 in fbe666a

	def new_key
	CanvasSecurity::RSAKeyPair.new.to_jwk.to_json
	end

Closes #1861.

[CLAassistant]

All committers have signed the CLA.

[dustin-cowles]

@nwalters512 Thanks for your contribution! This looks good to me, if you can resolve the merge conflicts I will pull it into our CR pipeline.

[nwalters512]

@dustin-cowles I've resolved the merge conflicts! I left a few comments to call out some questions I had.

[nwalters512]

Both here and in inst-cli/docker-compose/config/dynamic_settings.yml.erb, it looked to be like the only differences between the lti-keys and services-jwt values were the kid fields of each, which had a _a/_b/_c suffix in the services-jwt section. Let me know if you'd like me to generate completely separate keys for services-jwt. I don't know enough about how these are used to make that call myself.

[nwalters512]

This file doesn't have a services-jwt: section. Is that intentional?