adjust formatting to match v9 docs

Author: richard-dennehy

docs/reference/security/authentication/jwt-realm.asciidoc

@@ -294,7 +294,17 @@ token.
 as `HS256`. The algorithm must be in the realm's allow list.
 
 `typ`::
-(Optional, String) Indicates the token type. For an ID token, this must be `JWT`; for access tokens, this must be `JWT` or `at+jwt`.
+(Optional, String) Indicates the token type.
++
+For an ID token, this must be
++
+ - `JWT`
+
++
+For access tokens, this must be one of
++
+ - `JWT`
+ - `at+jwt`
 
 [[jwt-validation-payload]]
 ===== Payload claims