[sda-download] a missing iss.json file means no visa validation will be done.

[jbygdell]

Describe the bug
If sda-download is started and the iss.json file is missing or is empty or that it is not part of the config for sda-download, no checks if the visa provider is allowed to issue visas against datasets that exists in the archive that sda-download is connected to.

Steps to reproduce
Start sda-download in you desired way with an empty or missing iss.json file, or without the oidc.trusted.iss part of the config file. Get the token and query the metadata endpoint to list datasets.

Expected behavior

• Without a iss.json file the sda-download should not start.
• It shouldn't start if the json is empty
• It shouldn't start if the content of the json cannot be parsed
• Tests verifying the fix are added

** Extra information**
The line 358 in auth.go should be false:

sensitive-data-archive/sda-download/pkg/auth/auth.go

Line 358 in 6993365

return true

Additional context

Estimation of size: small/medium/big

Estimation of priority: low/medium/high