Feat/id token claims custom

[vladislavbogomolov]

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

📋 Changes

This PR makes the list of ID-token claims extensible via an environment variable:

• Added support for AUTH0_ID_TOKEN_CLAIMS_CUSTOM – a comma-separated list of additional claim names.
• Updated the default claim array so that custom entries are appended only when the variable is set, trimming whitespace and ignoring empty items.
• No breaking changes – if the variable is undefined, behaviour is identical to the current release.

Why is this important?

Projects often need extra user metadata (e.g. role, tier, locale) inside the ID token for quick client-side access. Allowing claims to be configured by env keeps the core codebase clean while giving integrators flexibility.

📎 References

• Fixes – “Allow custom claims in ID token”
• Auth0 Community topic: “How do I add app-specific claims without forking?”

🎯 Testing

1. Unit tests cover:

   • Construction of the claim array with, without, and with malformed AUTH0_ID_TOKEN_CLAIMS_CUSTOM.
   • Deduplication / trimming logic.

2. Manual (optional):

   # without custom claims
   AUTH0_ID_TOKEN_CLAIMS_CUSTOM="" npm test
   # with custom claims
   AUTH0_ID_TOKEN_CLAIMS_CUSTOM="role, tier , locale" npm test

   Confirm that the resulting token payload contains the base claims plus "role", "tier", and "locale".

No other runtime behaviour is affected.