Add timeouts for JWT decoder in AadResourceServerConfiguration

[berry120]

Set default read & connect timeouts on NimbusJwtDecoder.

Description

This spring security issue highlighted the potential for 15 minute (or longer) hangs due to the absence of explicit connect & read timeouts on the NimbusJwtDecoder. This is fixed in Spring Security, however the Azure SDK explicitly overrides restOperations in the NimbusJwtDecoder it creates, meaning we need the fix explicitly here, too.

As a current workaround, the following can be defined as a bean on a configuration class:

    @Bean
    RestTemplateBuilder restTemplateBuilder(RestTemplateBuilderConfigurer configurer) {
        return configurer.configure(new RestTemplateBuilder())
            .connectTimeout(Duration.ofMillis(JWKSourceBuilder.DEFAULT_HTTP_CONNECT_TIMEOUT))
            .readTimeout(Duration.ofMillis(JWKSourceBuilder.DEFAULT_HTTP_READ_TIMEOUT));
    }

However, this isn't ideal as it applies globally, and has to be specified in each project.

All SDK Contribution checklist:

• The pull request does not introduce [breaking changes]
• CHANGELOG is updated for new features, bug fixes or other significant changes.
• I have read the contribution guidelines.

General Guidelines and Best Practices

• Title of the pull request is clear and informative.
• There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

• Pull request includes test coverage for the included changes.

[github-actions]

Thank you for your contribution @berry120! We will review the pull request and get back to you soon.