v6.3.0
A configuration option `scheb_two_factor.trusted_device.key` was added to configure an encryption key for the trusted device token. Before, it was hard-coded to use the application's `kernel.secret`. This is still the case if you don't set a value for `scheb_two_factor.trusted_device.key`.
Background: If you're using `lcobucci/jwt` version 4.2 or higher, a 256-bit key is required for the trusted device token. If your `kernel.secret` isn't long enough, you'll run into problems. In that case, you have the option to configure a `scheb_two_factor.trusted_device.key` value with sufficient length, if you don't want to change the `kernel.secret` value for your entire application (which may have unforeseen consequences for your application). Warning: This will invalidate all trusted device tokens for your users.
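As an added example (not code from the scheb/2fa project), a POSIX shell helper that checks whether a secret meets the 256-bit requirement described above and, if it doesn't, generates a key and prints the configuration for `scheb_two_factor.trusted_device.key`; the `TRUSTED_DEVICE_KEY` variable name and the file paths are assumptions.

```shell
#!/bin/sh
# Added helper (not part of scheb/2fa): checks whether a secret meets the
# 256-bit minimum that lcobucci/jwt >= 4.2 enforces for the HMAC key, and
# generates a replacement for scheb_two_factor.trusted_device.key if not.
# The library measures the key as the byte length of the string, so a
# 32-character secret counts as 256 bits.

# Bit length of a secret string, as the JWT library counts it.
key_bits() {
    echo $(( $(printf '%s' "$1" | wc -c) * 8 ))
}

# Succeeds (exit 0) when the secret is long enough for the trusted device token.
check_trusted_device_key() {
    [ "$(key_bits "$1")" -ge 256 ]
}

# 32 random bytes, hex-encoded: 64 characters, i.e. 512 bits by string
# length, comfortably above the minimum.
generate_trusted_device_key() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Usage: pass the current kernel.secret (APP_SECRET) value.
# Prints the config to add when the existing secret is too short; exits 1 then.
suggest_config() {
    if check_trusted_device_key "$1"; then
        echo "kernel.secret is $(key_bits "$1") bits; no extra key needed"
        return 0
    fi
    key=$(generate_trusted_device_key)
    cat <<EOF
# .env.local (keep out of version control; file name is an assumption):
TRUSTED_DEVICE_KEY=$key
# config/packages/scheb_2fa.yaml (path is an assumption):
scheb_two_factor:
    trusted_device:
        key: '%env(TRUSTED_DEVICE_KEY)%'
EOF
    return 1
}
```

Setting the option this way leaves `kernel.secret` untouched, but as noted above it still invalidates every existing trusted device token.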
Thanks to @lcobucci for suggesting the approach in #158 and doing the majority of work :)