Add JWT decode UI, InfoTip tooltips, and OIDC discovery

[kellenmurphy]

Summary

• JWT decode UI — full results panel with summary, timestamps, scopes, alg-none/weak warnings, and header+payload JSON; auto-detected from the single input box alongside SAML
• InfoTip tooltips — hover ? on every summary field (SAML and JWT), tooltip text externalized in explanations.ts for future i18n; position: fixed to escape overflow-hidden card containers
• OIDC Discovery — "Discover" button on JWT Issuer row fetches /.well-known/openid-configuration via the /api/discover proxy; displays issuer match/mismatch badge, JWKS URI, auth/token/userinfo endpoints as links, and ID token algs with the token's alg highlighted; race-condition safe via generation counter
• Dependency cleanup — removed unused @peculiar/x509 (replaced by custom DER parser)
• Test coverage — 100% statements/branches/functions/lines maintained across all src/lib/ modules (162 tests)
• Docs — rewrote README, SECURITY.md, and CLAUDE.md to accurately reflect the current state of the project

Test plan

• Paste a JWT with a known OIDC issuer (e.g. Google, Okta, Entra) — summary, timestamps, and scopes render correctly
• Click "Discover" — OIDC Discovery card appears with issuer match badge, endpoints, and alg list
• Paste a JWT with a fake/unreachable issuer — error banner appears below scopes
• Paste a new JWT while discovery is loading — stale result is discarded (generation counter)
• Paste a SAML assertion — SAML path unaffected, discovery state resets
• Clear the input — all state resets, no stale discovery card
• Hover ? tooltips on SAML and JWT summary fields — tooltip renders above button, text is legible in both light and dark mode
• CI passes (build, lint, type check, coverage)

🤖 Generated with Claude Code

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!