napi-rs/node-rs

Bug: jsonwebtoken claim structure

Closed this issue · 0 comments

The problem right now is that the jsonwebtoken library enforces a structure where public claims are located on another property (`data`), which should not be the case according to https://datatracker.ietf.org/doc/html/rfc7519#section-4.2.
Since predefined claims and public claims are on the same level, the RFC requires that there is no identical naming.
Due to the current structure, this library prevents other implementations in other programming languages from successfully decoding the token and accessing the public claims.
The jsonwebtoken crate also does not enforce a structure for the entire transferred claim and only checks whether the predefined claims exist during validation.
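
The interoperability problem described in this issue, as an added example that is not part of the original report or of the node-rs code: one token carries its custom claim under `data`, the other at the top level of the claims set, and a consumer written against RFC 7519 reads both. The key, the claim names and the helpers `sign`, `verify`, `readClaim` and `flatten` are constructed for illustration; signing uses `node:crypto` rather than the library, and expiry validation is left out.

```javascript
// Added example: constructed key, tokens and claim names; uses only node:crypto.
const crypto = require('node:crypto');

const KEY = 'constructed-demo-key'; // sample HMAC key, not a real secret
// Registered claim names from RFC 7519 section 4.1.
const REGISTERED = new Set(['iss', 'sub', 'aud', 'exp', 'nbf', 'iat', 'jti']);
const b64u = (v) => Buffer.from(v).toString('base64url');
const mac = (input) => crypto.createHmac('sha256', KEY).update(input).digest();

// Sign a claims object as a compact HS256 JWT.
function sign(claims) {
  const input = `${b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${mac(input).toString('base64url')}`;
}

// Verify the HS256 signature in constant time and return the claims set.
// Expiry and other registered-claim checks are not performed here.
function verify(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = mac(`${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// What a consumer written against RFC 7519 does: read a claim by name from the
// top level of the claims set. It has no reason to look inside `data`.
function readClaim(token, name) {
  const claims = verify(token);
  return Object.hasOwn(claims, name) ? claims[name] : undefined;
}

// Lift custom claims out of `data` to the top level, rejecting any name that
// would shadow a registered claim or an existing top-level claim.
function flatten(claims) {
  const { data = {}, ...top } = claims;
  for (const name of Object.keys(data)) {
    if (REGISTERED.has(name) || Object.hasOwn(top, name)) throw new Error(`claim name collision: ${name}`);
    top[name] = data[name];
  }
  return top;
}

const exp = Math.floor(Date.now() / 1000) + 3600;
const nestedToken = sign({ exp, data: { role: 'editor' } });          // layout described in the issue
const flatToken = sign(flatten({ exp, data: { role: 'editor' } }));   // RFC 7519 layout
```

Both tokens verify, but `readClaim(nestedToken, 'role')` is `undefined` while `readClaim(flatToken, 'role')` is `'editor'`; `flatten` throws when a custom claim reuses a registered name such as `exp`.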