lestrrat-go/echo-middleware-jwx

WithConfig is not validating jwt by default settings

Opened this issue · 0 comments

Describe the bug

Currently there are no ValidateOptions in the DefaultConfig, and the WithConfig function will only validate the token when there is at least one validation option. This leads to expired tokens passing through the middleware.

Is there any particular reason I missed that we don't set jwt.WithValidate(true) by default?

    if len(config.ValidateOptions) > 0 {
        options = append(options, jwt.WithValidate(true))
    }

To Reproduce / Expected behavior
Current: Run the server with this middleware and send a request with a valid but expired token; the middleware will accept it.

Expected: throw 401 with message=invalid or expired jwt, internal=exp not satisfied

Additional context
Thank you for the marvelous jwx project and this great example. It helped me a lot with how to use jwx with Echo.
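The gating reported in this issue, as an added example that is not part of the original issue and not the project's code: a standard-library-only model (no jwx import) in which the signature is always verified but `exp` is checked only when at least one validation option is supplied. The names `sign`, `parse`, `acceptGated` and `demoKey` are hypothetical, and the token is constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)
var b64, demoKey = base64.RawURLEncoding, []byte("constructed-demo-key")

// sign builds a constructed HS256 token whose only claim is exp.
func sign(key []byte, exp time.Time) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." +
		b64.EncodeToString([]byte(fmt.Sprintf(`{"exp":%d}`, exp.Unix())))
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(mac.Sum(nil))
}

// parse always verifies the signature; exp is checked only when validate is true.
func parse(tok string, key []byte, validate bool) error {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(p[0] + "." + p[1]))
	if sig, err := b64.DecodeString(p[2]); err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return fmt.Errorf("signature mismatch")
	}
	var claims struct{ Exp int64 `json:"exp"` }
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return fmt.Errorf("bad claims")
	}
	if validate && time.Now().Unix() >= claims.Exp {
		return fmt.Errorf("exp not satisfied")
	}
	return nil
}

// acceptGated mirrors the reported condition: validate only when options exist.
func acceptGated(tok string, key []byte, opts []string) error { return parse(tok, key, len(opts) > 0) }

func main() {
	tok := sign(demoKey, time.Now().Add(-time.Hour)) // constructed token, expired an hour ago
	fmt.Println(acceptGated(tok, demoKey, nil), acceptGated(tok, demoKey, []string{"issuer"}))
}
```

With an empty option list the expired token is accepted because only the signature is checked; passing `true` unconditionally to `parse` models the default the issue asks for.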