Unverified Commit 14f07359 authored by Hong Minhee

Fix HTTP sig verify with created/expires fields

Fixed a bug where verifyRequest() threw a TypeError when verifying
HTTP signatures containing `created` or `expires` fields as defined
in draft-cavage-http-signatures-12. These fields should be unquoted
integers according to the specification, but the parser was only
handling quoted string values.

This issue was causing 500 Internal Server Error responses in inbox
handlers when receiving activities with such signatures. The fix now
correctly parses both quoted strings and unquoted integers in the
Signature header, and properly validates the created/expires timestamps.

Added test case with a real-world signature example from oeee.cafe
that includes both created and expires fields.
parent c635b07a
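
The parsing problem the commit message describes, as an added example that is not code from this commit or from the project: a Signature header parser that accepts both quoted strings and unquoted integers, returns `null` on malformed input instead of throwing, and then checks the `created`/`expires` window. The function names, the 30-second skew allowance, the strict typing of `created`/`expires`, and the sample header are assumptions of this example.

```javascript
// Added example (not the project's code): parse a draft-cavage-12 Signature
// header. A parameter value is either a quoted string or an unquoted number.
const PARAM = /\s*([A-Za-z]+)=(?:"([^"]*)"|(\d+(?:\.\d+)?))\s*(?:,|$)/y;

function parseSignatureHeader(header) {
  const params = Object.create(null); // no prototype keys to collide with
  PARAM.lastIndex = 0;
  while (PARAM.lastIndex < header.length) {
    const m = PARAM.exec(header);
    if (m === null) return null; // malformed input: reject, do not throw
    const [, name, quoted, bare] = m;
    if (name in params) return null; // duplicate parameter
    params[name] = quoted !== undefined ? quoted : Number(bare);
  }
  return params;
}

// nowSeconds: current Unix time. skewSeconds: assumed clock-skew allowance.
function checkSignatureParams(header, nowSeconds, skewSeconds = 30) {
  const p = parseSignatureHeader(header);
  if (p === null) return { ok: false, reason: "malformed" };
  for (const k of ["keyId", "signature"]) {
    if (typeof p[k] !== "string") return { ok: false, reason: `bad ${k}` };
  }
  for (const k of ["created", "expires"]) {
    // This example requires the unquoted numeric form for both fields.
    if (k in p && typeof p[k] !== "number") {
      return { ok: false, reason: `bad ${k}` };
    }
  }
  if ("created" in p && p.created > nowSeconds + skewSeconds) {
    return { ok: false, reason: "created in future" };
  }
  if ("expires" in p && p.expires < nowSeconds - skewSeconds) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, params: p };
}

// Constructed sample header; the key id and signature are placeholders.
const SAMPLE =
  'keyId="https://example.com/actor#main-key",algorithm="hs2019",' +
  "created=1700000000,expires=1700000300," +
  'headers="(request-target) (created) (expires) host",signature="c2FtcGxl"';

console.log(checkSignatureParams(SAMPLE, 1700000100));
```

A handler that gets `ok: false` here can answer with a 4xx response before any cryptographic verification runs, rather than surfacing an unhandled exception as a 500.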