try to explain accept_unsupported_alg better

Author: bodewig

README.md

@@ -118,8 +118,8 @@ http {
              --accept_unsupported_alg = true
              -- if you want to reject tokens signed using an algorithm
              -- not supported by lua-resty-jwt set this to false. If
-             -- you leave it unset, the token signature will not be
-             -- verified at all.
+             -- you leave it unset or set it to true, the token signature will not be
+             -- verified when an unsupported algorithm is used.
 
              --renew_access_token_on_expiry = true
              -- whether this plugin shall try to silently renew the access token once it is expired if a refresh token is available.