fix: use bitwise comparison for jwt validation errors

[narg95]

Issue

Reported by @mitar here

Description

Use bitwise comparison for validation errors instead of ==.

A JWT validation error can encode multiple errors in one instance, therefore a simple == is only effective on single errors, but not with multiple. A proper comparison must use bit masking if ( _ & _ ) != 0.
This PR finds and fixes the places where this comparison occurs.

Checklist

• [x ] I have read the contributing guidelines
  and signed the CLA.
• [x ] I have read the security policy.
• [x ] I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• [x ] I have added tests that prove my fix is effective or that my feature
  works.
• [x ] I have added necessary documentation within the code base (if
  appropriate).

[narg95]

@aeneasr gobuffalo/packr@1.22.0 package is reporting a vulnerability and the tests are failing see:

pkg:golang/github.com/gobuffalo/packr@1.22.0
1 known vulnerabilities affecting installed version

[james-d-elliott]

@aeneasr gobuffalo/packr@1.22.0 package is reporting a vulnerability and the tests are failing see:

pkg:golang/github.com/gobuffalo/packr@1.22.0
1 known vulnerabilities affecting installed version

Looks like this was fixed in v2.3.2 / v1.30.0 / v1.26.0: gobuffalo/packr@f58136c

[aeneasr]

🙏

[mitar]

Thanks for doing a followup!

[narg95]

You are welcome!