Support mapping JWT claims to general-purpose NGINX variables.

[mgilham]

This change adds a new auth_jwt_extract_claims directive to extract claims to dedicated NGINX variables, which can be used generally in response bodies, the map module, etc. It preserves backwards compatibility with the existing header-based claim extraction.

The flow is different. Previously, the JWT was parsed, validated, and had claims extracted in nginx's "access" phase (NGX_HTTP_ACCESS_PHASE). With this PR, those JWT operations potentially happen earlier in the request lifecycle. We introduce a module context struct to hold the JWT validation status and the values of any claim variables. The JWT is processed and this context created on-demand, and it is cached by nginx for later use in the lifecycle of the request. This JWT processing happens at the latest during the access phase (as before), and at the earliest when a the value of a variable is requested via its "getter". The access-phase handler uses the validation status cached in the context, to preserve existing auth logic.

Note that "if" statements are still confusing due to nginx's design, but they can still be employed with some care to fill gaps for some use cases.

[JoshMcCullough]

Thank you for this!

Mostly formatting issues to match our existing format/spacing/line-breaks.

Can you take a lok at your changes and fix spots where you have something like...

some_type blah = ...;
if (...)

We prefer empty lines before if statements.

Also, in places where you do:

if (...)
{
  return ...;
}

// more code here

We prefer the "more code" to be in an else block so the variable declarations are scoped as small as possible / so the flow is more clear.

I made some suggested changes in this area but only via GitHub's editor so use caution when accepting. I don't think I broke anything.

[mgilham]

👍 Functionality checks out after re-formatting.

[JoshMcCullough]

Looks good, thanks.