Function inferRealmFromIssuer

inferRealmFromIssuer(issuer: string): undefined | string
Attempts to infer the realm path from a ForgeRock AM issuer URL.

AM issuer URLs follow one of two patterns:
- Simplified: https://{host}/am/oauth2/{realm} (e.g., /am/oauth2/alpha)
- Legacy: https://{host}/am/oauth2/realms/root/realms/{realm}
This function extracts the realm from either format. Returns undefined for non-AM issuers (e.g., PingOne, generic OIDC).
Parameters
- issuer: string
  The issuer URL from the well-known response
Returns undefined | string
The inferred realm path, or undefined if it cannot be determined
Example
```
// Simplified format (common in ForgeBlocks)
inferRealmFromIssuer('https://openam-sdks.forgeblocks.com/am/oauth2/alpha')
// Returns: 'alpha'

// Legacy format with explicit realm path
inferRealmFromIssuer('https://am.example.com/am/oauth2/realms/root/realms/alpha')
// Returns: 'alpha'

// Nested subrealm (legacy format)
inferRealmFromIssuer('https://am.example.com/am/oauth2/realms/root/realms/customers/realms/premium')
// Returns: 'customers/realms/premium'

// Non-AM issuer (e.g., PingOne)
inferRealmFromIssuer('https://auth.pingone.com/env-id/as')
// Returns: undefined
```
- Defined in journey-client/src/lib/wellknown.utils.ts:48