JWT Constraints checking time should have some customizable "wiggle room" #15

@Jonas-Sander

Because the server creating the JWT token and the server validating the JWT could have some slightly inaccurate clocks, there should be some customizable "wiggle room" for all checks that have time in them.

Constraints that need some "wiggle room":

  • Expiration time "exp" must be in the future. The time is measured in seconds since the UNIX epoch.
  • Issued-at time "iat" must be in the past. The time is measured in seconds since the UNIX epoch.
  • Authentication time "auth_time" must be in the past.
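
A sketch of the requested leeway applied to the three checks listed above. This is an added example, not code from the issue or from the project. The names `check_time_claims`, `ClaimTimeError` and `MAX_LEEWAY_SECONDS`, the 300-second cap on the leeway, and treating `exp` as mandatory are all assumptions.

```python
import math
import time

MAX_LEEWAY_SECONDS = 300  # assumed cap: every second of leeway extends token lifetime


class ClaimTimeError(Exception):
    """A time-based claim is missing, malformed, or outside the allowed window."""


def _seconds(claims, name, required):
    value = claims.get(name)
    if value is None:
        if required:
            raise ClaimTimeError(f"missing required claim {name!r}")
        return None
    # bool is a subclass of int in Python, so it must be excluded explicitly
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ClaimTimeError(f"claim {name!r} is not a numeric timestamp")
    if isinstance(value, float) and not math.isfinite(value):
        raise ClaimTimeError(f"claim {name!r} is not a finite timestamp")
    return value


def check_time_claims(claims, leeway=0, now=None):
    """Check exp, iat and auth_time of an already signature-verified payload."""
    if isinstance(leeway, bool) or not 0 <= leeway <= MAX_LEEWAY_SECONDS:
        raise ValueError(f"leeway must be within 0..{MAX_LEEWAY_SECONDS} seconds")
    now = time.time() if now is None else now
    exp = _seconds(claims, "exp", required=True)  # assumption: exp is mandatory
    if now >= exp + leeway:  # exp must be in the future, give or take the leeway
        raise ClaimTimeError("token expired")
    checked = ["exp"]
    for name in ("iat", "auth_time"):
        issued = _seconds(claims, name, required=False)
        if issued is None:
            continue
        if issued - leeway > now:  # must be in the past, give or take the leeway
            raise ClaimTimeError(f"claim {name!r} lies in the future")
        checked.append(name)
    return checked


# Constructed sample: the issuer's clock runs 5 s ahead of the validator's clock.
NOW = 1_700_000_000
SAMPLE = {"exp": NOW + 3600, "iat": NOW + 5, "auth_time": NOW + 5}
```

With `leeway=0` the constructed sample is rejected because `iat` is five seconds in the validator's future; with `leeway=30` it is accepted.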
