Add defensive unit tests

The current level of testing proves that the lib is capable of parsing/decoding JWT with claim support but doesn't cover a lot of cases for bad/invalid/error prone content. So some tests to make sure this fails and is reported clearly to the lib user will be needed.

The README should be updated to reflect this as well.