AS discussed in dev ML at https://markmail.org/message/dtjnu7fdi5noeagk and previously in
OFBIZ-9833 & OFBIZ-10307 we want to document how to store the JWT secret key. We agreed about keeping it as a property OOTB; and giving a link from the security properties file to suggest how to better do it in production.
Remains to create the documentation and link to it. I believe an .adoc document in security component fits.