COSE: Fixes for key-id is absent in unprotected headers

According to RFC8152 the unprotected header can be empty,
in this case an empty map item must be added to the token.
This change improves the verifier code to be able to handle
this scenario.

Change-Id: I0f784db19e53edcedfb36a238ab0cff2aafae7c5
Signed-off-by: Laurence Lundblade <lgl@securitytheory.com>