release 1.5.2

Bugfixes

• avoid that lua-resty-jwt is an unneccessary dependency in an OAuth 2.0 RS remote validation setup; closes #124
• allow setting ssl_verify to false on userinfo endpoint call; closes #125
• avoid putting a negative TTL into the cache; closes #127
• make handling of missing jwks_uri more robust
• ensure we don't log nil if initial JWT verification fails