Add security mistakes examples

[Ocramius]

We need a couple of examples of things to avoid:

• using an unsafe key
• storing server-sensitive information in the session
• storing objects in the session

[Slamdunk]

• using an unsafe key

This point has been addressed in upstream library:

1. Require minimum key size for HMAC algorithm lcobucci/jwt#835
2. Key: require non-empty-string for factory methods too lcobucci/jwt#836
3. Require minimum key size for OpenSSL keys lcobucci/jwt#855
4. Remove empty Signer, empty Key, empty Signature, empty strings lcobucci/jwt#939