Yes, a base/minimal MP-JWT implementation should support the tests in the utils,jwt,jaxrs,cdi,cdi-json,cdi-provider groups.
Ok, I see what your saying about the role mapping. This is a notion from EE security that often is built on chaining together JAAS login modules for example.
I'll move that to a new ee-security-optional group.
So is it ok to distinguish between the minimum required tests vs extended tests by the lack of a -optional suffix on the test group, or should there be an additional jwt-minimal group attached to those tests?