Details
- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Won't Fix
- Versions: 3.5.8, 3.6.3, 4.0.4
Description
The `getSignatureAlgorithm` method in JwsUtils ignores any value set in the "alg" JWS header; instead the code looks for a static JAX-RS property (rs.security.signature.algorithm) or tries to detect the algorithm from the selected alias in a keystore file. This makes it more complicated to configure a CXF provider and limits token validation to a single specified algorithm. Using the header value instead would avoid such additional configuration properties and make the solution more dynamic.
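The two verification behaviours contrasted above, written out as an added stand-alone example (not CXF code): a minimal compact-JWS verifier that takes the algorithm from a configured value the way the description says `getSignatureAlgorithm` does, beside one that reads the token's own "alg" header against an explicit allow-list. The key, payloads and the HS256-only scope are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; a real deployment takes the key from the keystore.
DEMO_KEY = b"constructed-demo-secret-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _hs256(key: bytes, header: str, body: str) -> bytes:
    # HMAC-SHA256 over the signing input "<header>.<payload>" as transmitted.
    return hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()

def make_jws(payload: dict, key: bytes, header_alg: str = "HS256") -> str:
    """Build a compact JWS. The signature is always HS256; header_alg is
    written into the header verbatim so the two verifiers can be compared."""
    header = _b64url(json.dumps({"alg": header_alg}).encode())
    body = _b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{_b64url(_hs256(key, header, body))}"

def verify_configured_alg(token: str, key: bytes, configured_alg: str) -> bool:
    """Behaviour the issue describes: the algorithm comes from a static
    configuration value (rs.security.signature.algorithm); the header's
    'alg' is never consulted, only covered by the signature."""
    header, body, sig = token.split(".")
    if configured_alg != "HS256":  # only HS256 is implemented in this demo
        return False
    return hmac.compare_digest(_hs256(key, header, body), _unb64url(sig))

def verify_header_alg(token: str, key: bytes,
                      allowed: frozenset = frozenset({"HS256"})) -> bool:
    """Header-driven alternative the issue proposes: 'alg' is read from the
    token, but only algorithms on an explicit allow-list are honoured, so a
    header claiming 'none' or an unsupported algorithm is rejected."""
    header, body, sig = token.split(".")
    alg = json.loads(_unb64url(header)).get("alg")
    if alg not in allowed or alg != "HS256":
        return False
    return hmac.compare_digest(_hs256(key, header, body), _unb64url(sig))
```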