docs(router): update jwt cache eviction documentation to reflect random eviction

Signed-off-by: Abhinav Singh <abhinavsingh717073@gmail.com>

Author: Abhinav-kodes

pkg/router/jwt.go

@@ -111,7 +111,7 @@ const keyCacheMaxSize = 1000
 
 // GenerateTokenWithKey generates a JWT token signed with a specific PEM-encoded
 // private key. The parsed key is cached to avoid repeated RSA parsing overhead.
-// Eviction is FIFO-based: the oldest entry is removed when the cache is full,
+// Eviction is random-based: a random entry is removed when the cache is full,
 // avoiding the thundering-herd problem of wiping the entire cache at once.
 func (jm *JWTManager) GenerateTokenWithKey(claims map[string]interface{}, privateKeyPEM string) (string, error) {
 	jm.cacheMu.RLock()
@@ -126,10 +126,10 @@ func (jm *JWTManager) GenerateTokenWithKey(claims map[string]interface{}, privat
 		privKey = parsedKey
 
 		jm.cacheMu.Lock()
-		// Evict the single oldest entry when at capacity instead of clearing all.
+		// Evict a single random entry when at capacity instead of clearing all.
 		if len(jm.keyCache) >= keyCacheMaxSize {
-			for oldest := range jm.keyCache {
-				delete(jm.keyCache, oldest)
+			for k := range jm.keyCache {
+				delete(jm.keyCache, k)
 				break
 			}
 		}