Build a TokenValidator that resolves a presented bearer token against a fixed in-memory table. A token present in tokens returns its associated TokenInfo (with valid forced true so callers cannot accidentally register a "valid" entry that fails authorization); any unknown token returns TokenInfo.invalid().
A trivial bearer-token verifier built from an in-memory map of token string → TokenInfo, for local development and tests. It is the D analogue of FastMCP's StaticTokenVerifier.
WARNING: this verifier performs NO cryptographic validation, expiry checking, or revocation — it simply looks the presented token up in a fixed table. It is intended ONLY for local dev and automated tests. Do NOT use it in production; use jwtVerifier (RFC 7519 / JWKS) or introspectionVerifier (RFC 7662) instead.
The table lookup matches the presented token byte-by-byte and is therefore not constant-time. Opaque bearer tokens are expected to be high-entropy secrets (>= 128 bits of randomness), which makes guessing one via a timing oracle infeasible; this dev-only verifier does not generate or enforce that.