Handle invalid token when adding redirection headers

[randyabson]

What this PR does

Currently, while decoding a token while redirecting to login, it's possible for errors to occur. Example error: Signature has expired.

This PR rescues token decoding errors and handles them gracefully. The login url will not include the shop param in this scenario.

Exception:

gems/shopify_api-14.8.0/lib/shopify_api/auth/jwt_payload.rb:87:in `rescue in decode_token': Error decoding session token: Signature has expired (ShopifyAPI::Errors::InvalidJwtTokenError)
    from gems/shopify_api-14.8.0/lib/shopify_api/auth/jwt_payload.rb:84:in `decode_token'
    from gems/shopify_api-14.8.0/lib/shopify_api/auth/jwt_payload.rb:23:in `initialize'
    from gems/shopify_app-22.5.1/lib/shopify_app/controller_concerns/login_protection.rb:92:in `new'
    from gems/shopify_app-22.5.1/lib/shopify_app/controller_concerns/login_protection.rb:92:in `add_top_level_redirection_headers'
    from gems/shopify_app-22.5.1/lib/shopify_app/controller_concerns/login_protection.rb:112:in `redirect_to_login'

Reviewer's guide to testing

The test covers this scenario by simulating an error decoding the session token, in this case the error is Not enough or too many segments but it covers any error while decoding tokens.

Things to focus on

I'm unfamiliar with this repo so please ensure the way that the exception is handled won't cause issues in the redirect.

Checklist

Before submitting the PR, please consider if any of the following are needed:

• Update CHANGELOG.md if the changes would impact users
• Update README.md, if appropriate.
• Update any relevant pages in /docs, if necessary
• For security fixes, the Disclosure Policy must be followed.

[andru-h]

LGTM with my limited context on the gem

[lizkenyon]

I believe this looks good!

I am just going to flag this with the App Access team for a quick once over.

Could you please add a note in the CHANGELOG.md