Commit 14ededb

Update validate-jwt-policy.md
Add signing algorithms
1 parent 4d264c4 commit 14ededb

1 file changed, +1 -0 lines changed

articles/api-management/validate-jwt-policy.md

Lines changed: 1 addition & 0 deletions
@@ -118,6 +118,7 @@ The `validate-jwt` policy enforces existence and validity of a supported JSON we
118118
* **HS256** - the key must be provided inline within the policy in the Base64-encoded form.
119119
* **RS256** - the key may be provided either via an OpenID configuration endpoint, or by providing the ID of an uploaded certificate (in PFX format) that contains the public key, or the modulus-exponent pair of the public key.
120120
* The policy supports tokens encrypted with symmetric keys using the following encryption algorithms: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512.
121+
* The policy supports tokens encrypted with asymmetric keys using the following encryption algortiths: PS256, RS512.
121122
* To configure the policy with one or more OpenID configuration endpoints for use with a self-hosted gateway, the OpenID configuration endpoints URLs must also be reachable by the cloud gateway.
122123
* You can use access restriction policies in different scopes for different purposes. For example, you can secure the whole API with Microsoft Entra authentication by applying the `validate-jwt` policy on the API level, or you can apply it on the API operation level and use `claims` for more granular control.
123124
* When using a custom header (`header-name`), the configured required scheme (`require-scheme`) will be ignored. To use a required scheme, JWT tokens must be provided in the `Authorization` header.
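
Review bot: In the added bullet (new line 121), PS256 and RS512 are JWS signature algorithms (RSASSA-PSS with SHA-256 and RSASSA-PKCS1-v1_5 with SHA-512 in RFC 7518), not encryption algorithms, so "tokens encrypted with asymmetric keys using the following encryption algortiths" misdescribes them and contradicts the commit title "Add signing algorithms". Suggest rewording along the lines of "The policy supports tokens signed with asymmetric keys using the following signing algorithms: PS256, RS512", fixing the typo "algortiths", and moving the bullet up beside the HS256 and RS256 entries instead of after the symmetric-encryption bullet. The HS256 and RS256 bullets each state how the key is supplied; the new entry should say the same for PS256 and RS512 so readers know which key source applies.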
