Allow ES256 local signer rotation

- Treat ES256 as a supported local rotation algorithm
- Keep unsupported algorithms on the default path

Author: andreevilia

server/signer/rotation.go

@@ -46,7 +46,8 @@ func rotationStrategyForAlgorithm(rotationFrequency, idTokenValidFor time.Durati
 		idTokenValidFor:   idTokenValidFor,
 		algorithm:         algorithm,
 	}
-	switch algorithm {
+	// Only RS256 and ES256 are supported for local key rotation; all other algorithms are handled by the default case.
+	switch algorithm { //nolint:exhaustive
 	case jose.RS256:
 		strategy.key = func() (crypto.Signer, error) {
 			return rsa.GenerateKey(rand.Reader, 2048)