Declarative config: jwt_secrets field

TL;DR: can there be jwt_secrets field on root level of declarative config file?
I am quite new to Kong. Taking over another application that uses dbless declarative config, I saw there is jwt_secrets field on root level, next to services, consumers, plugins. And Kong happily started with this config, no complains. Actually this app runs in real environment with this config, but I am not capable of validating jwt stuff actually being used.
When I decided to add schema validation to build pipeline, I discovered that in schema jwt_secrets is declared as field of consumers entry, FConsumer type, and this is also reflected in Go code.
And ofc validator with this schema gives me an error of fail: (root): Additional property jwt_secrets is not allowed.
But a) thing is assumed to work in real env b) I have seen similar configs on forums, e.g. here

Is jwt_secrets root field valid, or what is the difference between having it on root level and under consumer entity? http_log and prometheus plugins are involved, if that matters.