pub fn decode_claims_unverified(token: &str) -> Result<JwtClaims, JwtError>
Decode JWT claims WITHOUT verifying the signature.
This is used for the initial dispatch to determine if a bearer token is a JWT or an atrg session token.