
fix acceptance of unknown crit headers and comply with RFC 7515#591

Merged: SociableSteve merged 2 commits into master from fix/unknown-crit-ext-accepted on Apr 7, 2026

Conversation

@antoatta85
Collaborator

fix: validate crit header parameter per RFC 7515 §4.1.11

Problem

fast-jwt accepted tokens containing a crit (Critical) header parameter
without validating it, violating the MUST requirement in RFC 7515 §4.1.11:

If any of the listed extension Header Parameters are not understood and
supported by the recipient, then the JWS is invalid.

This allowed an attacker to craft a token carrying security-semantic
extensions (e.g. require-mfa, cnf token binding) that would be silently
accepted by fast-jwt while being correctly rejected by compliant libraries
(e.g. jose), creating a split-brain vulnerability in mixed-library
environments.

This is the same class of issue as CVE-2025-59420 (Authlib, CVSS 7.5 HIGH).

Changes

  • src/error.js — new error code FAST_JWT_INVALID_CRIT_HEADER
  • src/verifier.js — validateCrit() enforces all RFC rules:
    • rejects empty crit: []
    • rejects standard JWS header names inside crit (alg, typ, kid, …)
    • rejects duplicate entries in crit
    • rejects any extension not listed in the new allowedCritHeaders option
    • rejects any extension listed in crit but absent from the header
  • src/index.d.ts — allowedCritHeaders?: string[] added to
    VerifierOptions; invalidCritHeader added to TOKEN_ERROR_CODES
  • test/verifier.spec.js — 8 new tests covering all validation paths

New createVerifier option

const { createVerifier } = require('fast-jwt') // import needed to run this snippet

const verifier = createVerifier({
  key: 'secret',
  allowedCritHeaders: ['x-custom-policy'] // extensions this app understands
})

Defaults to [] — any token carrying a crit header is rejected unless the
caller explicitly opts in.

⚠️ Breaking change
Tokens with a crit header that were previously silently accepted will now be rejected. Tokens without crit are completely unaffected.

FIXES #590
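To make the five validateCrit() rules listed in the PR concrete, here is an added stand-alone check written for this page; it is not fast-jwt's own validateCrit() from src/verifier.js. The function names critProblem and checkCritOrThrow, the helper has, and the SAMPLES headers are constructed for this example.

```javascript
// Registered JWS header parameter names (RFC 7515 §4.1); these may never be listed in crit.
const STANDARD_JWS_HEADERS = new Set([
  'alg', 'jku', 'jwk', 'kid', 'x5u', 'x5c', 'x5t', 'x5t#S256', 'typ', 'cty', 'crit'
])
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)

// Returns null when the crit parameter is acceptable, otherwise a short reason string.
// allowedCritHeaders defaults to [], so any crit header is rejected unless the caller opts in.
function critProblem (header, allowedCritHeaders = []) {
  if (!has(header, 'crit')) return null // no crit: nothing to validate
  const crit = header.crit
  if (!Array.isArray(crit) || crit.length === 0) return 'crit must be a non-empty array'
  const allowed = new Set(allowedCritHeaders)
  const seen = new Set()
  for (const name of crit) {
    if (typeof name !== 'string' || name === '') return 'crit entries must be non-empty strings'
    if (STANDARD_JWS_HEADERS.has(name)) return `standard header "${name}" may not be critical`
    if (seen.has(name)) return `duplicate crit entry "${name}"`
    seen.add(name)
    if (!allowed.has(name)) return `critical extension "${name}" is not understood`
    if (!has(header, name)) return `critical extension "${name}" is missing from the header`
  }
  return null
}

// Verifier front end: rejects the token with the error code named in the PR on any crit problem.
function checkCritOrThrow (header, allowedCritHeaders) {
  const problem = critProblem(header, allowedCritHeaders)
  if (problem !== null) {
    const err = new Error(problem)
    err.code = 'FAST_JWT_INVALID_CRIT_HEADER'
    throw err
  }
  return true
}

// Constructed sample protected headers, as a JWT library would decode them.
const SAMPLES = {
  plain: { alg: 'HS256', typ: 'JWT' },
  mfaNotUnderstood: { alg: 'HS256', crit: ['require-mfa'], 'require-mfa': true },
  customOk: { alg: 'HS256', crit: ['x-custom-policy'], 'x-custom-policy': 'strict' },
  emptyCrit: { alg: 'HS256', crit: [] },
  standardInCrit: { alg: 'HS256', crit: ['alg'] },
  duplicate: { alg: 'HS256', crit: ['x-custom-policy', 'x-custom-policy'], 'x-custom-policy': 1 },
  listedButAbsent: { alg: 'HS256', crit: ['x-custom-policy'] }
}
```

With the default empty allow list, SAMPLES.mfaNotUnderstood is rejected, which is exactly the split-brain case the PR describes; SAMPLES.customOk passes only once 'x-custom-policy' is opted in.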

@SociableSteve SociableSteve merged commit 80b49c7 into master Apr 7, 2026
7 checks passed
@SociableSteve SociableSteve deleted the fix/unknown-crit-ext-accepted branch April 7, 2026 13:03


Issue this pull request may close: Address Sec Adv: unknown crit header ext accepted
