use JWT when and only when the user specifies a JWT secret explicitly

[tersec]

This has some advantages:

• It allows people to configure and test with JWT without being on a merge testnet.

• When Prater and mainnet do each get a non-FAR_FUTURE_EPOCH BELLATRIX_FORK_EPOCH but before the merge actually happens, it won't break all those setups using those incompatible Web3 providers; rather, it'll be user choice/action determining this.

• it de-emphasizes the less useful case of using its CL-autogenerated JWT secret, because generally one's would launch the EL first, and it will generate a secret. For an EL, this is a reasonable approach. For a CL, it seldom makes sense to any default generated JWT secret.

Because of the last point, even in the testnets, there will be virtually no breakage from changing the edge case-semantics of this option.

[github-actions]

Unit Test Results

     12 files  ±0     857 suites  ±0   1h 8m 36s ⏱️ +19s
1 716 tests ±0  1 664 ✔️ ±0    52 💤 ±0  0 ❌ ±0 
9 960 runs  ±0  9 832 ✔️ ±0  128 💤 ±0  0 ❌ ±0 

Results for commit 227171c. ± Comparison against base commit 56cd6e2.