Validate a JWT hasn't expired before sending to controller

[dovholuknf]

the ziti CLI will verify a token hasn't expired before even attempting to use it. for example:

ziti edge enroll expired.jwt
...
failed to parse JWT: token has invalid claims: token is expired

ziti-edge-tunnel should also verify the token's before trying to use it. Minimally we should verify the exp and nbf if present. possibly also check the iat to make sure it's not too far in the future?