Persistent JWT Signing Keys with PostgreSQL

How to replace the in-memory JWKS key store from the OIDC server tutorial with an encrypted, PostgreSQL-backed store so signing keys survive server restarts and work correctly across multiple instances.