Bug
Resolution: Unresolved
Minor
None
4.5.1
MOODLE_405_STABLE
Exception - mod_lti\local\ltiopenid\jwks_helper::fix_jwks_alg(): Argument #1 ($jwks) must be of type array, null given, called in [dirroot]/mod/lti/locallib.php on line 1336
There are two problems here:
1. Errors aren't being surfaced when fetching or parsing the JWKS fails. We end up with null being passed to jwks_helper::fix_jwks_alg().
2. In the case where lti_verify_with_keyset() is being called as part of a token request, the fact that the above is a TypeError (a throwable) and not an Exception means that the token endpoint won't catch it and won't return JSON, which it should do. Resolving 1 by throwing exceptions should naturally resolve 2, since the TypeError won't be seen.
Replication steps:
There are currently two scenarios in which we try to verify a JWT signature by fetching tool JWKS. A failed download of the JWKS (or failed json_decoding of that JWKS) can result in the null, which causes the above error.
- deep linking: verifying the message the tool returns containing the content items.
- during the token endpoint code, when processing a tool's access token request (what's being reported here).
It's probably easiest to replicate during deep linking + Moodle-to-Moodle LTI, since that's a front channel exchange vs back channel for token requests, but both can reproduce the issue when the code is modified to expose the issue.
1. Change the code to throw an exception in the 'try' block inside lti_verify_with_keyset().
2. Inside the catch block, force $keysetarr = null;
3. Perform deep linking
4. Select some content and return it to the platform
Observe the TypeError on return.
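
The two problems described above, as an added illustration that is not Moodle's code and not part of the original report: a null key set reaching an `array`-typed parameter raises a TypeError that a `catch (Exception)` block does not see, while validating the download and decode first turns the failure into an Exception the endpoint can report as JSON. All function names and sample inputs are hypothetical stand-ins; PHP 8.0 or later is assumed.

```php
<?php
// Added illustration; every function name here is a hypothetical stand-in, not Moodle's code.

// Stand-in for a helper with a strict array parameter, like the one named in the error above.
function fix_alg_standin(array $jwks): array {
    return $jwks;
}

// Before: a failed download or decode leaves null, which reaches the typed parameter.
function verify_unchecked(string|false $body): array {
    $keyset = $body === false ? null : json_decode($body, true);
    return fix_alg_standin($keyset); // TypeError when $keyset is null.
}

// After: fetch and parse failures are surfaced as Exceptions before the helper is called.
function verify_checked(string|false $body): array {
    if ($body === false) {
        throw new RuntimeException('JWKS download failed');
    }
    $keyset = json_decode($body, true);
    // A JWK Set (RFC 7517) is a JSON object with a "keys" array.
    if (!is_array($keyset) || !isset($keyset['keys']) || !is_array($keyset['keys'])) {
        throw new RuntimeException('JWKS response is not a valid key set');
    }
    return fix_alg_standin($keyset);
}

// Stand-in for an endpoint that only catches Exception and must always answer with JSON.
function token_endpoint(callable $verify, string|false $body): string {
    try {
        $verify($body);
        return json_encode(['status' => 'ok']);
    } catch (Exception $e) {
        return json_encode(['error' => $e->getMessage()]);
    }
}

// Constructed sample inputs: a truncated JSON body and a failed download.
foreach (['{"keys": [', false] as $body) {
    echo token_endpoint('verify_checked', $body), PHP_EOL; // JSON error body.
    try {
        echo token_endpoint('verify_unchecked', $body), PHP_EOL;
    } catch (TypeError $e) {
        echo 'Escaped the endpoint: ', get_class($e), PHP_EOL; // Not an Exception.
    }
}
```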