
Add support for azp claim in JWT client ID extraction #1943

@roee-hersh

Description


The JWT verifier doesn't check the azp claim when extracting client_id for logging. Many identity providers (Keycloak, Auth0) use azp for client identification per the OpenID Connect spec.

Current code:

client_id = claims.get("client_id") or claims.get("sub") or "unknown"

Proposed change:

client_id = claims.get("client_id") or claims.get("sub") or claims.get("azp") or "unknown"

Note: client_id is only used for logging, not authentication/authorization.

Context

Initially thought this was blocking authentication when tokens had the client_id in the azp field (seeing log: "Bearer token rejected for client fcf52b7e-b66f-4e8e-9f1b-1bf98c9fbe3f"), but the actual issue was the missing openid scope (couldn't add it to the token configuration). However, for proper logging and standards compliance, the azp claim should still be supported in the fallback chain.

Version Information

FastMCP version: 2.12.3
MCP version: 1.14.1
Python version: 3.12.3
Platform: macOS-15.5-arm64-arm-64bit
FastMCP root path: /Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages
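Added example, not code from FastMCP or from the issue author: the claim fallback chain applied to the decoded payload of constructed tokens shaped like a Keycloak access token (carries both sub and azp), an RFC 9068 access token (carries client_id) and a bare sub-only token. Function names, the MAX_LEN cap and the sample tokens are assumptions made for this example. It also shows the one check worth making on the chain as proposed: with sub placed before azp, a token that carries both will always log the subject, so azp is never reached; the example's own order therefore puts azp ahead of sub, and strips control characters before the value goes into a log line.

```python
"""Extract a client identifier from JWT claims for logging only.

Added example, not FastMCP code. Claim names are the standard ones
(client_id: RFC 9068, azp and sub: OIDC Core); the function names, the
MAX_LEN cap and the sample tokens below are constructed for illustration.
"""
import base64
import json
import re
from typing import Any, Mapping

# Preference order. sub is last because it normally names the end user,
# not the OAuth client; on tokens carrying both sub and azp (Keycloak does),
# putting sub before azp means azp is never consulted.
CLAIM_ORDER = ("client_id", "azp", "sub")

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
MAX_LEN = 128  # assumption: cap what a claim value can push into a log line


def client_id_for_logging(claims: Mapping[str, Any], order=CLAIM_ORDER) -> str:
    """Return the first present, non-empty string claim in `order`, sanitised
    for a log line. Logging only: never use the result for authorization."""
    for name in order:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            # Drop control characters so a crafted claim cannot forge log lines.
            return _CONTROL.sub("", value)[:MAX_LEN]
    return "unknown"


def client_id_as_proposed(claims: Mapping[str, Any]) -> str:
    """The chain exactly as proposed in the issue, kept for comparison."""
    return claims.get("client_id") or claims.get("sub") or claims.get("azp") or "unknown"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def payload_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWS. No signature check here:
    in a real verifier this runs only after the signature has been validated."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def _make_token(claims: dict) -> str:
    """Build a token-shaped string for the example; the signature is a placeholder."""
    header = base64.urlsafe_b64encode(b'{"alg":"RS256","typ":"JWT"}').rstrip(b"=").decode()
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"{header}.{payload}.sig"


# Constructed sample tokens, shaped like what common issuers put in the payload.
KEYCLOAK_STYLE = _make_token({"sub": "8c3d0b2e-user", "azp": "my-mcp-client", "scope": "openid"})
RFC9068_STYLE = _make_token({"sub": "user-42", "client_id": "svc-reporting", "iss": "https://as.example"})
SUB_ONLY = _make_token({"sub": "user-42"})
HOSTILE = _make_token({"sub": "user-42", "azp": "evil\r\nINFO forged"})


if __name__ == "__main__":
    for label, token in [("keycloak", KEYCLOAK_STYLE), ("rfc9068", RFC9068_STYLE),
                         ("sub-only", SUB_ONLY), ("hostile", HOSTILE)]:
        claims = payload_claims(token)
        print(f"{label:9} proposed={client_id_as_proposed(claims)!r} "
              f"reordered={client_id_for_logging(claims)!r}")
```

Running it prints both chains side by side: for the Keycloak-shaped token the proposed order logs the subject while the reordered chain logs the azp client; for the RFC 9068 token both log client_id; for the hostile token the reordered chain logs the azp value with its CR/LF removed.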

Labels

auth: Related to authentication (Bearer, JWT, OAuth, WorkOS) for client or server.
enhancement: Improvement to existing functionality. For issues and smaller PR improvements.