auth.provider API
    • Centralized JWT verification with alg / iss / aud / typ pinning.

      The verifier:

      1. decodes the protected header (without signature check) to read kid and typ,
      2. validates typ against the expected value (legacy compat is opt-in via JwtVerifyOptions.legacyTypAccept),
      3. resolves the verification key by kid via KeyStore.getVerificationKey (falls back to the current signing kid when the JWT has no kid header),
      4. delegates to jose jwtVerify with explicit algorithms, issuer, and audience options — pinning all three at the security-critical layer,
      5. enforces iat <= now + clockSkewMs post-signature (jose does not validate iat-in-future by default), and
      6. enforces optional azp / nonce claim bindings post-signature.

      On any failure the verifier throws JwtVerificationError with a stable JwtVerificationReason. Callers map that to their own error envelope (e.g. RFC 6749 error: "invalid_token").
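
The header and claim checks from steps 1-2 and 5-6, as an added JavaScript sketch that is not auth.provider's own code. The names ClaimCheckError, peekHeader, checkClaims, legacyTyp and the reason strings are hypothetical, and key resolution plus signature, issuer and audience verification (steps 3-4) are assumed to run between the two functions.

```javascript
// Added sketch: names and reason strings are hypothetical, not the library's.
class ClaimCheckError extends Error {
  constructor(reason) { super(`JWT rejected: ${reason}`); this.reason = reason; }
}

// RFC 7515 4.1.9: typ compares case-insensitively; "application/" may be omitted.
const normTyp = (t) =>
  typeof t === "string" ? t.toLowerCase().replace(/^application\//, "") : null;

// Steps 1-2: read the untrusted header before any signature check.
// legacyTyp is an assumed stand-in for the opt-in legacy acceptance.
function peekHeader(token, expectedTyp, legacyTyp = []) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new ClaimCheckError("malformed");
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    throw new ClaimCheckError("malformed");
  }
  if (header === null || typeof header !== "object") throw new ClaimCheckError("malformed");
  const typ = normTyp(header.typ);
  if (typ === null || ![expectedTyp, ...legacyTyp].map(normTyp).includes(typ))
    throw new ClaimCheckError("typ_mismatch");
  return { kid: typeof header.kid === "string" ? header.kid : undefined, typ };
}

// Steps 5-6: call only after signature, issuer and audience have verified.
function checkClaims(payload, { nowMs = Date.now(), clockSkewMs = 0, azp, nonce } = {}) {
  // iat is in seconds, the skew allowance in milliseconds. Rejecting a missing
  // iat is this sketch's choice; the page does not say what the library does.
  if (!Number.isFinite(payload.iat)) throw new ClaimCheckError("iat_invalid");
  if (payload.iat * 1000 > nowMs + clockSkewMs) throw new ClaimCheckError("iat_in_future");
  // A binding is enforced only when the caller supplies the expected value;
  // a token that omits the claim then fails too.
  if (azp !== undefined && payload.azp !== azp) throw new ClaimCheckError("azp_mismatch");
  if (nonce !== undefined && payload.nonce !== nonce) throw new ClaimCheckError("nonce_mismatch");
  return payload;
}

// Constructed sample input: an unsigned token carrying only a header.
const sampleToken = (header) =>
  `${Buffer.from(JSON.stringify(header)).toString("base64url")}.e30.c2ln`;

// Returns "ok" or the stable reason a check failed with.
function reasonOf(fn) {
  try { fn(); return "ok"; }
  catch (e) { if (e instanceof ClaimCheckError) return e.reason; throw e; }
}
```

The kid returned by peekHeader is only a lookup hint for key selection; nothing read from the header is trusted until the signature has verified.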

      Parameters

      Returns Promise<VerifiedJwt>