Proposal: add TokenInfo.UserID #589
Description
Add a UserID field of type string to auth.TokenInfo. A TokenVerifier may set this field to a non-empty value if it knows how to find the user ID in the token.
If present, the user ID can be used to increase security. See, for example, #586. Instead of calling GetUserID as suggested in that proposal, code would call TokenInfoFromContext and then access the UserID field.
/cc @findleyr