use microtime(true) instead of time() for the JWT validation

[bshaffer]

See #488 and #492

use microtime instead of time for JWT validation.

We MAY want to do this in a minor version because it's possible that gettimeofday (which is required by microtime) doesn't exist on all systems. It may be possible to verify that the function does exist, and fall back on date if not.