This is sort of a nitpick on my side, but the godoc for ParseUnverified is the following:
```go
// ParseUnverified parses the token but doesn't validate the signature.
//
// WARNING: Don't use this method unless you know what you're doing.
//
// It's only ever useful in cases where you know the signature is valid (because it has
// been checked previously in the stack) and you want to extract values from it.
```
The part that I would suggest changing is "because it has been checked previously in the stack": that does not necessarily have to be true. For example, when receiving a JWT that will be validated after the parse has happened, we should be exposed to any risks as well.
So the godoc could be something like:
```go
// ParseUnverified parses the token but doesn't validate the signature.
//
// WARNING: Don't use this method unless you know what you're doing.
//
// It's only ever useful in cases where you know the signature is valid (since it has already
// been or will be checked elsewhere in the stack) and you want to extract values from it.
```
Opening an issue to understand if that makes sense, and if so I can open this really short PR to fix as well.
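The parse-first, verify-later flow discussed in this issue, as an added standard-library-only Go example that is not part of the original issue or of the library's code. The names `keysByIssuer`, `unverifiedIssuer` and `verifiedIssuer`, the HS256 choice and all token contents are assumptions constructed for the illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var keysByIssuer = map[string][]byte{"tenant-a": []byte("constructed-secret-a")} // constructed values
func enc(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// sign appends an HS256 tag to "header.payload"; it also builds the constructed tokens.
func sign(signingInput string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(signingInput))
	return signingInput + "." + enc(m.Sum(nil))
}

// unverifiedIssuer reads "iss" with no signature check: attacker-controlled, a key-lookup hint only.
func unverifiedIssuer(token string) (string, error) {
	var c struct{ Iss string `json:"iss"` }
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	err := json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(parts[1]))).Decode(&c)
	return c.Iss, err
}

// verifiedIssuer trusts "iss" only after the tag matches; HS256 is pinned, the header "alg" is ignored.
func verifiedIssuer(token string) (string, error) {
	iss, err := unverifiedIssuer(token)
	key, ok := keysByIssuer[iss]
	if err != nil || !ok {
		return "", fmt.Errorf("malformed token or unknown issuer")
	}
	want := sign(token[:strings.LastIndex(token, ".")], key)
	if !hmac.Equal([]byte(token), []byte(want)) {
		return "", fmt.Errorf("signature mismatch")
	}
	return iss, nil
}

func main() {
	forged := sign(enc([]byte(`{"alg":"HS256"}`))+"."+enc([]byte(`{"iss":"tenant-a"}`)), []byte("attacker-key"))
	fmt.Println(verifiedIssuer(forged)) // rejected: the unverified parse alone would have returned "tenant-a"
}
```

Only the value returned by `verifiedIssuer` should reach authorization logic; the unverified read exists solely to select the key.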