feat (jans-cedarling): Add CEDARLING_MAPPING_ACCESS_TOKEN_USER_SUB_IDENTIFIER property to enable User mapping from access token

[nynymike]

Supporting User creation from an access token is atypical, but possible, if the developer is using the Resource Owner Password Credential Grant--which is the anti-pattern. Or if a user identity has been stuffed into an access token for some other reason. CEDARLING_MAPPING_ACCESS_TOKEN_USER_SUB_IDENTIFIER enables a developer to explicitly specify which access token claim should be used as the User subject identifer. You can't assume sub refers to a person in an access_token. There closest thing to a default would be "username", based on 6749.

Identified code changes

• Add bootstrap property CEDARLING_MAPPING_ACCESS_TOKEN_USER_SUB_IDENTIFIER
• Set default to username in sample properties
• If None is given, then User mapping from access_token is disabled

---

Test cases and code coverage

• Write unit test to cover added/changed code
• Update integration tests to cover added/changed code

---

Document the changes

• Update Reference docs for new bootstrap property