strimzi / strimzi-kafka-oauth

OAuth2 support for Apache Kafka® to work with many OAuth2 authorization servers
Apache License 2.0

Principal extraction from nested username claim was broken #194

Closed mstruk closed 1 year ago

mstruk commented 1 year ago

When extracting a user id from a JWT token by using oauth.username.claim or oauth.fallback.username.claim, it only worked for top-level attributes, not for nested attributes. For example, by configuring "oauth.username.claim=auth.userid", and given a JWT token:

{
    ...
    "auth": {
        "userid": "alice"
    }
}

Extraction would not find the 'userid' key under the top-level 'auth' object; rather, it was looking for a top-level 'auth.userid' key.

This PR adds an option to use JsonPath to target nested attributes. If the claim specification starts with an opening square bracket '[', it is interpreted as a JsonPath query. Otherwise, it is interpreted as a top-level attribute name.

userId                    ... use top level attribute named 'userId'
user.id                   ... use top level attribute named 'user.id'
$userid                   ... use top level attribute named '$userid'
['userInfo'].id           ... use nested attribute 'id' under 'userInfo' top level attribute
['user.info']['user.id']  ... use nested attribute 'user.id' under 'user.info' top level attribute
['user.info'].['user.id'] ... use nested attribute 'user.id' under 'user.info' top level attribute (optional dot)
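
The resolution rule above, as an added example that is not part of this PR or of the strimzi-kafka-oauth code base: a small Python resolver that applies the "starts with '[' means JsonPath, anything else is a literal top-level key" rule to a token payload. It supports only the bracket and dot forms listed in the description (the real project delegates JsonPath evaluation to a library), and the payload, key names and the `extract_principal` fallback helper are constructed for illustration. The point it makes visible is the one the issue is about: `auth.userid` is a flat lookup that silently yields no principal, while `['auth'].userid` walks into the nested object.

```python
"""Resolve an OAuth username claim the way the PR description specifies.

Constructed example, not strimzi-kafka-oauth code. A claim spec starting
with '[' is a JsonPath-style path into the token payload; any other spec is
a literal top-level attribute name, dots and '$' included.
"""
import json
import re
from typing import List, Optional

# One path segment: ['quoted key'] (optionally preceded by a dot) or .bareword
_SEGMENT = re.compile(r"\.?\[\s*'([^']*)'\s*\]|\.([A-Za-z0-9_$]+)")

# Constructed JWT payload (claims only, no header or signature) covering
# every spec form from the PR description plus a flat fallback claim.
SAMPLE_PAYLOAD = json.loads("""
{
    "auth":      {"userid": "alice"},
    "user.id":   "bob-flat",
    "user.info": {"user.id": "carol"},
    "userInfo":  {"id": "dave"},
    "$userid":   "erin",
    "preferred_username": "frank"
}
""")


def parse_claim_spec(spec: str) -> List[str]:
    """Turn a claim spec into the list of keys to walk, top level first."""
    if not spec.startswith("["):
        # Literal top-level attribute: 'user.id' and '$userid' are single keys,
        # which is what keeps existing dotted configurations working.
        return [spec]
    keys: List[str] = []
    pos = 0
    while pos < len(spec):
        m = _SEGMENT.match(spec, pos)
        if m is None:
            raise ValueError(f"unsupported claim spec syntax at offset {pos}: {spec!r}")
        keys.append(m.group(1) if m.group(1) is not None else m.group(2))
        pos = m.end()
    return keys


def resolve_claim(payload: dict, spec: str):
    """Walk the parsed path; return None if any step is missing or not an object."""
    node = payload
    for key in parse_claim_spec(spec):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def extract_principal(payload: dict, username_claim: str,
                      fallback_claim: Optional[str] = None) -> Optional[str]:
    """Mirror oauth.username.claim with an oauth.fallback.username.claim fallback.

    Only a non-empty string is accepted as a principal; an object, number or
    missing claim yields None so the caller rejects the token rather than
    authenticating it under an empty or structured name.
    """
    value = resolve_claim(payload, username_claim)
    if value is None and fallback_claim:
        value = resolve_claim(payload, fallback_claim)
    if not isinstance(value, str) or not value:
        return None
    return value


if __name__ == "__main__":
    for spec in ("auth.userid", "['auth'].userid", "user.id",
                 "['user.info']['user.id']", "['user.info'].['user.id']",
                 "['userInfo'].id", "$userid"):
        print(f"{spec:28} -> {resolve_claim(SAMPLE_PAYLOAD, spec)!r}")
```

Running the module prints one line per spec: the flat `auth.userid` resolves to `None`, and the bracketed forms reach the nested values. The fallback path in `extract_principal` is what makes a broken primary claim observable only as a different principal name, which is worth a log line in a real implementation when the fallback is taken.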

mstruk commented 1 year ago

@scholzj Thanks for pointing this out. Upon a second look I realised that the fix is not good as it potentially introduces backwards compatibility issues. I'll describe the problem in more detail, and I'm working on a proper fix.

mstruk commented 1 year ago

@tombentley I hope I adequately addressed the comments. WDYT?