lib0
verifyJWT assumes non-standard expiration claim format (ms instead of seconds)
Describe the bug
The JWT logic assumes exp is a millisecond timestamp (time.getUnixTime is just Date.now), but the JWT RFC (https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4) states it should be seconds since the epoch, not milliseconds. This means that if something uses lib0 to validate a JWT token that was generated according to the RFC, the expiration check will fail.
To Reproduce
Steps to reproduce the behavior:
- Generate a standards compliant JWT token (e.g., with a JWT library in another platform)
- Verify the token with lib0
- See false expiration error
Expected behavior
Expect epoch seconds for exp claims.
Possibly add logic to support both formats, since the buggy version is already out there.
Relevant code: https://github.com/dmonad/lib0/blob/e8bb1550fdb5394d7b72345db91fe409ede4111a/crypto/jwt.js#L50
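The following is an added example, not lib0's code, showing the unit mismatch the report describes and the two possible fixes (strict RFC 7519 seconds, or a lenient check that also accepts the millisecond tokens lib0 has already issued). The token, the "now" value and the 1e11 cutoff heuristic are constructed for this example; the helper only decodes the payload and does not verify the signature, which is a separate step.

```javascript
// Added example (not lib0's code): checking a JWT `exp` claim per RFC 7519,
// which defines NumericDate as seconds since the Unix epoch.

// base64url-encode a JSON object (Node's Buffer supports 'base64url').
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Build an UNSIGNED token for illustration only (constructed input; the
// signature segment is a placeholder, so never accept such a token in practice).
function makeUnsignedToken(payload) {
  return `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}.sig-placeholder`;
}

// Decode the payload segment without verifying the signature.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Buggy check in the style the issue describes: a seconds-based exp is
// compared against a milliseconds "now", so every RFC-compliant token
// (exp ~1.7e9) is smaller than now (~1.7e12) and looks expired.
function isExpiredMillis(exp, nowMs) {
  return exp < nowMs;
}

// RFC 7519 check: exp is NumericDate in seconds, so compare in seconds.
function isExpiredSeconds(exp, nowMs) {
  return exp < Math.floor(nowMs / 1000);
}

// Lenient check accepting both units, as the report suggests for tokens the
// buggy version already issued. Heuristic (assumption): a seconds value stays
// below 1e11 until the year 5138, while any millisecond timestamp after 1973
// exceeds 1e11, so larger values are treated as milliseconds.
function isExpiredLenient(exp, nowMs) {
  const expMs = exp >= 1e11 ? exp : exp * 1000;
  return expMs < nowMs;
}

// Run all three checks on a token and report what each one concludes.
function checkToken(token, nowMs) {
  const { exp } = decodePayload(token);
  if (typeof exp !== 'number') throw new Error('exp claim missing or not numeric');
  return {
    exp,
    millisCheckExpired: isExpiredMillis(exp, nowMs),
    rfcCheckExpired: isExpiredSeconds(exp, nowMs),
    lenientCheckExpired: isExpiredLenient(exp, nowMs),
  };
}

// Constructed scenario: "now" is 1700000000 s, token expires one hour later.
const NOW_MS = 1700000000 * 1000;
const rfcToken = makeUnsignedToken({ exp: 1700003600 });
console.log(checkToken(rfcToken, NOW_MS));
// millisCheckExpired is true (the bug), rfcCheckExpired and lenientCheckExpired are false.
```

The lenient variant is only a migration aid: once tokens issued with millisecond `exp` values have aged out, the strict seconds comparison should be the only path, since a looser parser widens what a verifier accepts.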