Clarify user account requirement for JWT token
During my testing of PR !2 (merged) I've discovered that the username that is mentioned in the JWT token's payload must also exist as a user in Nextcloud. However, it must not be part of the admin group, it can be a regular unprivileged user. Given the latter, why do we even need an actual user account in the first place? Couldn't we just use a token that is "userless", and once verified allows access to editing users and groups using SCIM?