netfoundry / python-netfoundry

PyPi module "netfoundry"

treat JWT as opaque string

qrkourier opened this issue · comments

Stop parsing the JWT which is intended for the API and should be treated as an opaque string.

Ideally, a completely opaque string, and minimally just validate that it is a JWT without depending on any particular schema or property in the claimset.

The core problem here is that the lib is currently Auth0-and-Cognito-only, and so if we add another JWT issuer we'll be going down a rabbit hole of complexity with case statements for each claimset schema and there's already an OAuth2 standard way of extracting the expiration. It's in the HTTP response from the issuer. This means that clipboard pastes of the token will only show an expiration if it happens to parse successfully, and that will be unknown if not. The library should catch that exception and show at most a warning, possibly only debug level message.

The environment name is also currently extracted from the token and this should become configuration only. Like the expiration, we can try-catch to learn the environment, and just assume production if that fails.

Resolved by #25
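As an added illustration of the approach the issue asks for (example code written for this page, not the python-netfoundry library's own implementation, and not what #25 actually merged): the token is treated as opaque, the only structural check is "three base64url segments with a JSON header", the expiration is taken from the OAuth2 token response's `expires_in` field (RFC 6749 section 5.1) rather than from any claim, a pasted token's `exp` is read only on a best-effort basis with a debug message on failure, and the environment comes from configuration with a default of production. The `make_unsigned_jwt` helper, the sample tokens and the logger name are constructed for the demonstration.

```python
import base64
import json
import logging
import time
from typing import Optional

# Logger name is an assumption for this example, not the library's.
log = logging.getLogger("netfoundry-token-example")


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def looks_like_jwt(token: str) -> bool:
    """Minimal structural check that depends on no claimset schema:
    three dot-separated segments and a JSON header carrying 'alg'."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):  # binascii.Error and JSONDecodeError are ValueErrors
        return False
    return isinstance(header, dict) and "alg" in header


def expiry_from_token_response(token_response: dict, now: Optional[float] = None) -> Optional[float]:
    """Absolute expiry (epoch seconds) from the token endpoint's expires_in.
    This is the OAuth2 standard path and needs no parsing of the token."""
    now = time.time() if now is None else now
    expires_in = token_response.get("expires_in")
    if expires_in is None:
        return None
    return now + float(expires_in)


def expiry_from_pasted_token(token: str) -> Optional[float]:
    """Best effort for a clipboard-pasted token with no token response:
    read 'exp' if it happens to be there, otherwise report unknown at debug level."""
    if not looks_like_jwt(token):
        log.debug("token is not a JWT; expiration unknown")
        return None
    try:
        claims = json.loads(_b64url_decode(token.split(".")[1]))
        return float(claims["exp"])
    except (ValueError, KeyError, TypeError, UnicodeDecodeError):
        log.debug("could not read 'exp' from token claimset; expiration unknown")
        return None


def resolve_environment(config: dict) -> str:
    """Environment is configuration only; nothing is inferred from the token."""
    return config.get("environment") or "production"


def make_unsigned_jwt(header: dict, claims: dict) -> str:
    """Constructed, unsigned sample token for the demonstration only."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.placeholder-signature"


# Constructed samples: an Auth0-style token with an 'exp' claim, and a plain opaque string.
SAMPLE_JWT = make_unsigned_jwt(
    {"alg": "RS256", "typ": "JWT"},
    {"iss": "https://issuer.example.invalid/", "exp": 1700000000},
)
SAMPLE_OPAQUE = "not-a-jwt-just-an-opaque-bearer-string"


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    print("expiry from response:", expiry_from_token_response({"access_token": SAMPLE_OPAQUE, "expires_in": 3600}, now=1000.0))
    print("expiry from pasted JWT:", expiry_from_pasted_token(SAMPLE_JWT))
    print("expiry from pasted opaque:", expiry_from_pasted_token(SAMPLE_OPAQUE))
    print("environment:", resolve_environment({}))
```

Note that `looks_like_jwt` deliberately reads only the header; adding a new issuer then requires no new case branch, because nothing in the library depends on the shape of the claimset.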