validatePayload() should prioritize $registration->getToolJwksUrl() over $toolKeyChain->getPublicKey()

[murtazasultani]

In the PlatformLaunchValidator class, the validatePayload() method currently resolves the tool's public key by checking $registration->getToolKeyChain() first. However, this behavior should be reversed: if a JWKS URL is provided via $registration->getToolJwksUrl(), it should take precedence over any statically configured key from $toolKeyChain->getPublicKey().

[wazelin]

The predefined key has intentionally been given priority. If your use case does not require it, you may simply omit it or set its value to null in the keychain configuration, @murtazasultani.