feature: Add extra feedback once someone solves JWT refresh lesson differently

One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.

src/main/resources/lessons/jwt/i18n/WebGoatLabels.properties

@@ -21,6 +21,7 @@ jwt-refresh-hint2=The token from the access log is no longer valid, can you find
 jwt-refresh-hint3=The endpoint for refreshing a token is 'JWT/refresh/newToken'
 jwt-refresh-hint4=Use the found access token in the Authorization: Bearer header and use your own refresh token
 jwt-refresh-not-tom=User is not Tom but {0}, please try again
+jwt-refresh-alg-none=Nicely found! You solved the assignment with 'alg: none' can you also solve it by using the refresh token?
 
 jwt-final-jerry-account=Yikes, you are removing Jerry's account, try to delete the account of Tom 
 jwt-final-not-tom=Username is not Tom try to pass a token for Tom
@@ -30,4 +31,4 @@ jwt-final-hint2=The 'kid' (key ID) header parameter is a hint indicating which k
 jwt-final-hint3=The key can be located on the filesystem in memory or even reside in the database
 jwt-final-hint4=The key is stored in the database and loaded while verifying a token
 jwt-final-hint5=Using a SQL injection you might be able to manipulate the key to something you know and create a new token.
-jwt-final-hint6=Use: hacked' UNION select 'deletingTom' from INFORMATION_SCHEMA.SYSTEM_USERS --  as the kid in the header and change the contents of the token to Tom and hit the endpoint with the new token
+jwt-final-hint6=Use: hacked' UNION select 'deletingTom' from INFORMATION_SCHEMA.SYSTEM_USERS --  as the kid in the header and change the contents of the token to Tom and hit the endpoint with the new token