Reject token with un-encoded payload (b64=false)

[rdebusscher]

As stated in RFC-7797 JSON Web Signature (JWS) Unencoded Payload Option,

For interoperability reasons, JSON Web Tokens [JWT] MUST NOT use
"b64" with a "false" value.

This means that the this spec must be updated to mention that token with b65=false header must be rejected and a TCK test is needed to confirm an implementation handles it correctly.

[sberyozkin]

I'm not sure MP JWT spec needs to focus on this property as it also involves the use of the crit header, https://www.rfc-editor.org/rfc/rfc7797#section-6, and it just can make it tricky to deal with; but please investigate if you'd like.