FAPI mentions the concept of "ID Token used as detached signature". The main purpose of the ID Token is to be used as a detached signature and not as the source of the user's claims.
It would be nice if we had an option to skip returning the user's claims in the ID Token and make sure that it can be used as a "detached signature". This way, the ID Token will still have claims like c_hash, s_hash, at_hash and nonce, but it won't have the user's claims. In other words, the protocolMappers won't be called during generation of the ID Token and Access Token, which is returned from the Authorization response.
More details in the discussion on keycloak-dev: https://groups.google.com/g/keycloak-dev/c/EXZQTEusJEI
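
How a client can use the remaining `c_hash`, `s_hash`, `at_hash` and `nonce` claims to bind the authorization response to the ID Token, and flag user claims that should not be there. This is an added example, not Keycloak code: the function names, the claim allow-list and the sample values are assumptions, and the ID Token's signature is assumed to have been verified before the claims are passed in.

```python
import base64
import hashlib
import hmac

# The hash follows the ID Token's JOSE "alg" (e.g. PS256 / ES256 -> SHA-256).
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}
# Assumption: claims a detached-signature ID Token may still carry.
PROTOCOL_CLAIMS = {"iss", "sub", "aud", "exp", "iat", "auth_time", "nonce",
                   "acr", "amr", "azp", "c_hash", "s_hash", "at_hash"}


def left_half_hash(value: str, alg: str) -> str:
    """Unpadded base64url of the left-most half of the hash of the ASCII value."""
    digest = _HASHES[alg[-3:]](value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[: len(digest) // 2]).rstrip(b"=").decode()


def _same(a, b) -> bool:
    return hmac.compare_digest(str(a).encode(), str(b).encode())


def check_detached_signature(claims, alg, code, state, nonce, access_token=None):
    """Return a list of problems; an empty list means the response is bound."""
    problems = []
    expected = {"c_hash": code, "s_hash": state}
    if access_token is not None:
        expected["at_hash"] = access_token
    for name, value in expected.items():
        got = claims.get(name)
        if got is None:
            problems.append(f"missing {name}")
        elif not _same(got, left_half_hash(value, alg)):
            problems.append(f"{name} mismatch")
    if not _same(claims.get("nonce", ""), nonce):
        problems.append("nonce mismatch")
    extra = sorted(set(claims) - PROTOCOL_CLAIMS)
    if extra:
        problems.append("user claims present: " + ", ".join(extra))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real authorization response.
    code, state, nonce = "constructed-code", "constructed-state", "constructed-nonce"
    claims = {"iss": "https://idp.example", "sub": "u1", "aud": "client", "nonce": nonce,
              "c_hash": left_half_hash(code, "PS256"), "s_hash": left_half_hash(state, "PS256")}
    print(check_detached_signature(claims, "PS256", code, state, nonce))
    print(check_detached_signature(dict(claims, email="a@b.example"), "PS256", code, state, nonce))
```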