verifyJWT assumes non-standard expiration claim format (ms instead of seconds)
entropi opened this issue
Chad Fawcett commented
Describe the bug
The jwt logic assumes exp is in ms timestamp format (time.getUnixTime is just Date.now), but the JWT RFC (https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4) states it should be seconds since epoch, not ms. This means that if something is using lib0 to validate a JWT token, but that JWT token was generated to the RFC, the expiration check will fail.
To Reproduce
Steps to reproduce the behavior:
- Generate a standards compliant JWT token (e.g., with a JWT library in another platform)
- Verify the token with lib0
- See false expiration error
Expected behavior
Expect epoch seconds for exp claims.
Possibly add logic to support both since the bug was out there.
Relevant code:
Line 50 in e8bb155
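The mismatch described in this issue, as an added example that is not lib0's code: the expiration check with the millisecond assumption, the same check done per RFC 7519 (exp as seconds since the epoch), and a transitional variant that also accepts legacy millisecond values. The leeway parameter, the 1e11 threshold and the sample timestamps are assumptions constructed for the example.

```javascript
// Added example, not code from lib0. RFC 7519 defines "exp" as a NumericDate,
// i.e. seconds since the Unix epoch; Date.now() returns milliseconds.

// The behaviour reported in the issue: exp compared directly against a
// millisecond clock. A compliant token with exp = now + 3600 (seconds, ~1.7e9)
// is judged expired because it is far smaller than Date.now() (~1.7e12).
function isExpiredMsAssumption(exp, nowMs) {
  return exp < nowMs;
}

// Corrected check: convert the clock to seconds before comparing.
// `leewaySeconds` (an assumption, not part of the issue) tolerates clock skew.
function isExpiredRfc7519(exp, nowMs, leewaySeconds = 0) {
  const nowSeconds = Math.floor(nowMs / 1000);
  return exp + leewaySeconds < nowSeconds;
}

// Transitional check, following the issue's "support both" suggestion: a
// heuristic that treats implausibly large exp values as legacy millisecond
// timestamps. The 1e11 threshold is an assumption: 1e11 seconds is roughly the
// year 5138, while any millisecond timestamp after 1973 already exceeds it, so
// the two ranges do not overlap for realistic dates.
const MS_THRESHOLD = 1e11;
function normalizeExpToSeconds(exp) {
  if (typeof exp !== 'number' || !Number.isFinite(exp)) {
    throw new TypeError('exp must be a finite number');
  }
  return exp > MS_THRESHOLD ? Math.floor(exp / 1000) : exp;
}
function isExpiredLenient(exp, nowMs, leewaySeconds = 0) {
  return isExpiredRfc7519(normalizeExpToSeconds(exp), nowMs, leewaySeconds);
}

// Demo on constructed values: a token that is still valid for one hour.
const demoNowMs = 1700000000000;          // constructed "current time" in ms
const demoExpSeconds = 1700000000 + 3600; // RFC 7519 NumericDate, one hour ahead
console.log(isExpiredMsAssumption(demoExpSeconds, demoNowMs)); // true  (false positive)
console.log(isExpiredRfc7519(demoExpSeconds, demoNowMs));      // false (correct)
console.log(isExpiredLenient(demoExpSeconds * 1000, demoNowMs)); // false (legacy ms)
```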