Drop support for nesting the sub JWT claim under a namespace

[alco]

When we renamed the custom user_id claim to sub in #692, we forgot to adjust its behaviour when AUTH_JWT_NAMESPACE is configured.

user_id was our custom claim whose name is prone to conflicts when included at the top level of a token. For that reason, developers could define an arbitrarily-named namespace using the AUTH_JWT_NAMESPACE configuration option and put the user_id claim under that.

sub is a registered claim that's defined in the original JWT spec, it is only supposed to be included at the top level, not nested under any namespaces.

When we renamed user_id to sub, we didn't put any guards in place to ensure that sub is only looked up at the top level. As a consequence, putting the sub claim under a developer-defined namespace is currently possible, though unintentionally.

This has sprung some confusion in the community, see this thread in Discord - https://discord.com/channels/933657521581858818/1227630648261476352/1227953166763688106.

To remove the confusion, we should make it so Electric only looks up the sub claim at the top level of a token. The namespace configuration option becomes somewhat unnecessary in light of that but we can keep it as an extension point for when we add support for more custom claims in the future.

[KyleAMathews]

👋 we've been working the last month on a rebuild of the Electric server over at a temporary repo https://github.com/electric-sql/electric-next/

You can read more about why we made the decision at https://next.electric-sql.com/about

We're really excited about all the new possibilities the new server brings and we hope you'll check it out soon and give us your feedback.

We're now moving the temporary repo back here. As part of that migration we're closing all the old issues, PRs, and discussions. We really appreciate you taking the time to start this discussion! If it's still relevant in the new system, please reopen.