microprofile / microprofile-wg

Repo to host official Working Group documents under revision control
Apache License 2.0

Add creation review for JWT Bridge spec #191

Closed Emily-Jiang closed 11 months ago

Emily-Jiang commented 11 months ago

@jclingan as promised, I have created the creation review for next week's discussion. Please take a look to see whether you have any comments.

dblevins commented 11 months ago

What do we think about updating this:

The specification is to enable Jakarta Security building on MicroProfile JWT without forking it but providing seamless integrations with MicroProfile JWT.

To this:

The specification enables mapping MicroProfile JWT tokens to Jakarta EE container APIs not included in the MicroProfile umbrella and provides a place where Jakarta EE specifications, such as Jakarta Security, can build requirements and seamless integrations with MicroProfile JWT.

Our "Mapping MP-JWT Tokens to Jakarta EE Container APIs" chapter really covers many Jakarta EE specs, so we should maybe acknowledge that. Otherwise, we're implying this is limited to Jakarta Security despite the fact there will be requirements for other specifications.

Thoughts?

arjantijms commented 11 months ago

Perhaps specifically mention that for Jakarta Security, MP JWT has to technically function as a pluggable authentication mechanism on an equal footing with provided authentication mechanisms such as the HTTP Basic, Form, and OpenID Connect authentication mechanisms.

As such, Jakarta Security does not build upon MP JWT, nor is MP JWT layered on top of Jakarta Security. MP JWT should just present itself as an authentication mechanism.

As an example, consider https://github.com/OmniFish-EE/omni-jwt

That implementation plugs in to any Jakarta Security implementation, simply by using the HttpAuthenticationMechanism interface.

Emily-Jiang commented 11 months ago

@dblevins I have created a feature branch jwt-bridge-branch and delivered the initial creation plan review there. Please check it out and do your PR regarding the TCK clarification. Please also take a look at the comments above from @arjantijms to see whether you can address them as well. I will close this PR after the call this Thursday.