Hi!
Yes the sub field is arbitrary. This is traditionally used as a user ID of some sort, and is converter into an internal representation of that user which is used to track rate limits and quotas of future calls with that ID. A valid policy is required to determine the access and rate/quota limits for that user.
For the token you created, this is for the following option: //tyk.io/docs/basic-config-and-security/security/authentication-authorization/json-web-tokens/
The JWT ID that you created a token ID that is bound to a JWT key so that inbound tokens that bear this token can be validated.
Let me know if you need more information!