CVE-2017-11424 Applies to python-jose as well! #62

@sirosen

CVE-2017-11424 details a key confusion attack against pyjwt.

As I understand it, we just need to add another magic string to this check.

Not being a crypto expert, I'll open a pull request with the fix described in the CVE, but would appreciate someone else taking a look at the CVE before merging.
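Added example, not part of the original issue and not python-jose's or pyjwt's own code: a check of the kind discussed above, where the HMAC path refuses key material carrying a public-key or certificate marker, including the PKCS#1 `-----BEGIN RSA PUBLIC KEY-----` header that CVE-2017-11424 concerns. The function names, the marker list and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Markers that identify asymmetric key material (assumed list for this sketch).
# The PKCS#1 header "-----BEGIN RSA PUBLIC KEY-----" is the entry that
# CVE-2017-11424 reported as missing from the equivalent check in pyjwt.
ASYMMETRIC_KEY_MARKERS = (
    b"-----BEGIN PUBLIC KEY-----",
    b"-----BEGIN RSA PUBLIC KEY-----",
    b"-----BEGIN CERTIFICATE-----",
    b"ssh-rsa",
)


def prepare_hmac_key(key):
    """Return key as bytes, refusing anything that looks like a public key."""
    if isinstance(key, str):
        key = key.encode("utf-8")
    if not isinstance(key, bytes):
        raise TypeError("HMAC key must be str or bytes")
    if any(marker in key for marker in ASYMMETRIC_KEY_MARKERS):
        raise ValueError("asymmetric key or certificate passed as an HMAC secret")
    return key


def verify_hs256(signing_input, signature, key):
    """Constant-time HS256 check; the key is vetted before any MAC is computed."""
    mac = hmac.new(prepare_hmac_key(key), signing_input, hashlib.sha256)
    return hmac.compare_digest(mac.digest(), signature)


def rejected(key):
    """True if prepare_hmac_key refuses the key as asymmetric material."""
    try:
        prepare_hmac_key(key)
    except ValueError:
        return True
    return False


# Constructed sample inputs (placeholders, not real key material).
PKCS1_PEM = b"-----BEGIN RSA PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PUBLIC KEY-----\n"
SPKI_PEM = b"-----BEGIN PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END PUBLIC KEY-----\n"
SHARED_SECRET = b"constructed-shared-secret"
SIGNING_INPUT = b"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0"
```

A marker list like this is a backstop; the verifier should also fix the accepted algorithm per key rather than take it from the token header.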
