Description
Expected Behavior
Spring Security should support nested claim path resolution when accessing JWT claims.
A claim name such as resource_access["my.client.id"].roles should be interpreted as a path that navigates nested maps inside the JWT, allowing Spring Security to extract values from structures commonly used by Keycloak and other OIDC providers.
Current Behavior
ClaimAccessor and Jwt.getClaim(String) treat the entire string resource_access["my.client.id"].roles as a literal top-level claim key.
Since the actual JWT contains:
    "resource_access": {
        "my.client.id": {
            "roles": [...]
        }
    }
the lookup fails. Spring Security does not attempt to traverse nested maps or interpret bracket notation, making it impossible to use Boot’s authorities-claim-name for nested claims.
Context
Keycloak and many identity providers store roles/permissions inside nested JSON structures, and client IDs often contain dots. This makes nested claims essential for real-world configurations.
To access these claims today, I must write custom JwtGrantedAuthoritiesConverter implementations and manually navigate the nested maps.
This adds boilerplate, duplicates logic across projects, and prevents users from leveraging Spring Boot’s configuration properties (spring.security.oauth2.resourceserver.jwt.authorities-claim-name) for these cases.
A built-in nested path resolver would eliminate custom code and improve interoperability with common OIDC providers.
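The custom converter the issue describes having to write today, as an added example that is not part of the issue or of Spring Security itself: it splits a path such as resource_access["my.client.id"].roles into segments (dot-separated names, with bracketed quoted keys for names that themselves contain dots), walks the nested maps in Jwt.getClaims(), and maps the resulting string values to authorities. The path grammar, the class name NestedClaimAuthoritiesConverter and the ROLE_ prefix are this example's own assumptions; only Converter, Jwt, SimpleGrantedAuthority and JwtAuthenticationConverter are existing Spring types.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Added example (not Spring Security code): resolves a nested claim path against the JWT claims map.
public final class NestedClaimAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {

    private final List<String> path;
    private final String authorityPrefix;

    public NestedClaimAuthoritiesConverter(String claimPath, String authorityPrefix) {
        this.path = parsePath(claimPath);
        this.authorityPrefix = authorityPrefix;
    }

    /** Splits resource_access["my.client.id"].roles into [resource_access, my.client.id, roles]. */
    static List<String> parsePath(String claimPath) {
        List<String> segments = new ArrayList<>();
        StringBuilder current = new StringBuilder();
        int i = 0;
        while (i < claimPath.length()) {
            char c = claimPath.charAt(i);
            if (c == '.') {                       // plain segment boundary
                flush(segments, current);
                i++;
            } else if (c == '[') {                // ["key.with.dots"] or ['key.with.dots']
                flush(segments, current);
                int quoteOpen = i + 1;
                if (quoteOpen >= claimPath.length()
                        || (claimPath.charAt(quoteOpen) != '"' && claimPath.charAt(quoteOpen) != '\'')) {
                    throw new IllegalArgumentException("Expected quoted key after '[' in " + claimPath);
                }
                char quote = claimPath.charAt(quoteOpen);
                int quoteClose = claimPath.indexOf(quote, quoteOpen + 1);
                if (quoteClose < 0 || quoteClose + 1 >= claimPath.length() || claimPath.charAt(quoteClose + 1) != ']') {
                    throw new IllegalArgumentException("Unterminated bracket segment in " + claimPath);
                }
                segments.add(claimPath.substring(quoteOpen + 1, quoteClose));
                i = quoteClose + 2;               // skip past the closing ']'
            } else {
                current.append(c);
                i++;
            }
        }
        flush(segments, current);
        if (segments.isEmpty()) {
            throw new IllegalArgumentException("Empty claim path");
        }
        return segments;
    }

    private static void flush(List<String> segments, StringBuilder current) {
        if (current.length() > 0) {
            segments.add(current.toString());
            current.setLength(0);
        }
    }

    /** Walks nested maps; returns null if any segment is missing or the node is not a map. */
    static Object resolve(Map<String, Object> claims, List<String> path) {
        Object node = claims;
        for (String segment : path) {
            if (!(node instanceof Map)) {
                return null;                      // e.g. a token where resource_access is a string
            }
            node = ((Map<?, ?>) node).get(segment);
        }
        return node;
    }

    @Override
    public Collection<GrantedAuthority> convert(Jwt jwt) {
        Object value = resolve(jwt.getClaims(), path);
        if (value == null) {
            return Collections.emptyList();       // unresolvable path grants nothing, never throws
        }
        Collection<?> values = value instanceof Collection ? (Collection<?>) value : List.of(value);
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (Object v : values) {
            if (v instanceof String) {            // skip non-string entries instead of failing the request
                authorities.add(new SimpleGrantedAuthority(authorityPrefix + v));
            }
        }
        return authorities;
    }

    /** Wiring into the resource server, e.g. returned from a @Bean method. */
    public static JwtAuthenticationConverter jwtAuthenticationConverter(String claimPath) {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(new NestedClaimAuthoritiesConverter(claimPath, "ROLE_"));
        return converter;
    }
}
```

Two points worth keeping in any such resolver: a missing or malformed path must yield an empty authority set rather than an exception, since a JWT is attacker-influenced input and an unchecked cast on resource_access would otherwise turn an odd token into a 500; and a path that is not found is indistinguishable from a user with no roles, so a misconfigured property silently locks everyone out rather than granting anything.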