docs: make decode impossible to discover before verify

see #741

Author: panva

README.md

@@ -231,6 +231,9 @@ jwt.verify(token, getKey, options, function(err, decoded) {
 
 ```
 
+<details>
+<summary><em></em>Need to peak into a JWT without verifying it? (Click to expand)</summary>
+
 ### jwt.decode(token [, options])
 
 (Synchronous) Returns the decoded payload without verifying if the signature is valid.
@@ -259,6 +262,8 @@ console.log(decoded.header);
 console.log(decoded.payload)
 ```
 
+</details>
+
 ## Errors & Codes
 Possible thrown errors during verification.
 Error is the first argument of the verification callback.