update JWT realm docs to include at+jwt support (#126841)

docs/reference/security/authentication/jwt-realm.asciidoc

@@ -294,7 +294,17 @@ token.
 as `HS256`. The algorithm must be in the realm's allow list.
 
 `typ`::
-(Optional, String) Indicates the token type, which must be `JWT`.
+(Optional, String) Indicates the token type.
++
+For an ID token, this must be
++
+ - `JWT`
+
++
+For access tokens, this must be one of
++
+ - `JWT`
+ - `at+jwt`
 
 [[jwt-validation-payload]]
 ===== Payload claims