
Adds configurable RSA key size #288

Open
NateSwanson7 wants to merge 1 commit into Cvmcosta:master from NateSwanson7:configurable-key-size


NateSwanson7 commented May 20, 2026

configurable platform RSA modulusLength via options.keySize

Closes #289

Summary

Adds a new keySize option to lti.setup() that controls the RSA modulus length used by Auth.generatePlatformKeyPair when generating per-platform keypairs during registerPlatform(). Default behavior is unchanged (4096).

lti.setup(KEY, db, {
  // ...existing options
  keySize: 2048,
})

Motivation, benchmarks, and spec context are in the linked issue. The short version: 4096-bit generateKeyPairSync is the dominant cost in dynamic registration on small instances (several seconds, with multiplicative variance into the double-digit-seconds range), 2048 is the LTI 1.3 spec minimum, and Canvas/Moodle/Blackboard all use 2048.

What changed

Threading keySize from setup → registerPlatform → Auth, with the same explicit-arg fallback pattern that the existing ENCRYPTIONKEY/Database/getPlatform plumbing uses. This keeps the option working through both call paths:

  • Direct call path (lti.registerPlatform({...})) — this === Provider, falls back to the configured #keySize.
  • DynamicRegistration path — registerPlatform is invoked as a bare function reference where this !== Provider, so the service constructor receives keySize from the Provider at setup time and passes it explicitly into the call.

Files touched:

| File | Change |
| --- | --- |
| src/Provider/Provider.js | New #keySize = 4096 private field; new options.keySize validation in setup() (throws INVALID_KEYSIZE for non-integer or < 2048); JSDoc; registerPlatform signature accepts optional keySize; passes this.#keySize into the DynamicRegistration constructor |
| src/Provider/Services/DynamicRegistration.js | Constructor accepts keySize; stores on a private field; passes it through to registerPlatform |
| src/Utils/Auth.js | generatePlatformKeyPair accepts keySize = 4096; uses it for modulusLength; JSDoc |
| test/0-keysize.js (new) | Unit tests for the static Auth.generatePlatformKeyPair with default (4096) and explicit (2048) keySize |
| test/0-provider.js | Two new tests for Provider.setup validation (non-integer and < 2048 both reject with INVALID_KEYSIZE) |

Backwards compatibility

Default value is unchanged (4096). Consumers who do not pass keySize see identical behavior. Validation only runs when the option is explicitly set.

Tests

$ npm run build && npm test
...
98 passing (4s)

All existing tests pass. New tests:

  • Auth.generatePlatformKeyPair default produces a 4096-bit RSA modulus
  • Auth.generatePlatformKeyPair with keySize: 2048 produces a 2048-bit RSA modulus
  • Provider.setup rejects non-integer keySize with INVALID_KEYSIZE
  • Provider.setup rejects keySize < 2048 with INVALID_KEYSIZE

Modulus length is asserted via crypto.createPublicKey(pem).asymmetricKeyDetails.modulusLength.

…th used by Auth.generatePlatformKeyPair. Default remains 4096. Validates integer >= 2048 (LTI 1.3 spec minimum).
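
The keySize validation and the modulus-length check described in this pull request, as an added Node.js example that is not code from the PR or from ltijs. The helper names (validateKeySize, generateKeyPair, modulusBits, meetsMinimum, rejected) and the thrown Error shape are assumptions; only the INVALID_KEYSIZE code, the 2048 floor, the 4096 default and the asymmetricKeyDetails.modulusLength check come from the description.

```javascript
// Added illustration; helper names are hypothetical, not ltijs APIs.
const crypto = require('crypto')

const MIN_RSA_BITS = 2048 // floor stated in the PR description

// Same rule the PR describes for options.keySize: an integer, and >= 2048.
function validateKeySize (keySize) {
  if (!Number.isInteger(keySize) || keySize < MIN_RSA_BITS) {
    // Error shape is an assumption; only the INVALID_KEYSIZE code is from the PR.
    throw new Error('INVALID_KEYSIZE')
  }
  return keySize
}

// Generate a PEM keypair with a validated modulus length (default as in the PR).
function generateKeyPair (keySize = 4096) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: validateKeySize(keySize),
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
  })
}

// Read the modulus length back from a PEM, the check the PR's tests use.
function modulusBits (pem) {
  const details = crypto.createPublicKey(pem).asymmetricKeyDetails
  return details ? details.modulusLength : undefined // undefined for non-RSA keys
}

// Audit an already-stored key against the floor, e.g. keys generated
// before any validation existed.
function meetsMinimum (pem) {
  const bits = modulusBits(pem)
  return Number.isInteger(bits) && bits >= MIN_RSA_BITS
}

// Return the candidate option values that the validation rejects.
function rejected (candidates) {
  return candidates.filter(v => {
    try { validateKeySize(v); return false } catch (e) { return true }
  })
}
```

Note that a numeric string such as '2048' is rejected by Number.isInteger, so a key size read from an environment variable must be parsed before it is passed in.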
Development

Successfully merging this pull request may close these issues.

Make RSA key size configurable
