Optionally validate the payload of a token before verification

[georgejmx]

Description

Describe the purpose of this PR along with any background information and the impacts of the proposed change. For the benefit of the community, please do not assume prior context.

Provide details that support your chosen implementation, including: breaking changes, alternatives considered, changes to the API, etc.

Currently the only way to know that a token returned from jwt.verify() is of the correct format is by verifying the payload returned from the function. This MR makes it so the user can specify a callback payloadCallback that can be provided as an argument to jwt.verify(), which facilitates sanitising the token payload before it is verified

References

Include any links supporting this change such as a:

• GitHub Issue/PR number addressed or fixed

Closes #955

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

• This change adds full test coverage for new/changed/fixed functionality
• This change was made on Ubuntu with Node 20.14

Checklist

• I have added documentation for new/changed functionality in the README
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not the default branch

[georgejmx]

Not keen on the double undefined, however had concerns around making any other changes to the function signature wrt backward compatibility

[georgejmx]

Here is a repo that demos the feature https://github.com/georgejmx/demo-jsonwebtoken-payload-callback

Any more manual testing you need just let me know @Vero7979