vonage-go-sdk

Upgrade JWT library dependency to fix CVE

Open rwhitworth opened this issue 4 years ago • 1 comments

It looks like dgrijalva/jwt-go has been superseded by the golang-jwt/jwt library. The older 'dgrijalva' library has security vulnerabilities logged against it. Could this repo change to use the golang-jwt/jwt library in its place?

rwhitworth avatar Oct 19 '21 20:10 rwhitworth

Adding this to my downstream project's go.mod seems to have upgraded the library:

replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0

Note that I do not claim to be a golang developer. This workaround may be incorrect. It seems to be working for now.

rwhitworth avatar Oct 19 '21 20:10 rwhitworth
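
A way to check a go.mod for the dependency discussed in this thread, as an added example that is not part of the original issue or of the vonage-go-sdk code: it reports whether github.com/dgrijalva/jwt-go is required and what target a replace directive points it at. The sample go.mod is constructed (the module name example.com/downstream and the required version are assumptions), and the parser handles only plain require/replace syntax.

```go
package main

import (
	"fmt"
	"strings"
)

const deprecated = "github.com/dgrijalva/jwt-go"

// Constructed sample go.mod (module name and require version are assumptions).
const sample = `module example.com/downstream

require (
	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
)

replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0
`

// Audit reports whether go.mod text requires the deprecated module and
// which target, if any, a replace directive redirects it to.
func Audit(gomod string) (required bool, replacement string) {
	block := "" // directive owning the current "( ... )" block
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments like "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && (f[0] == ")" || (len(f) == 2 && f[1] == "(")) {
			block = strings.TrimSuffix(f[0], ")") // "name (" opens, ")" closes
			continue
		}
		if block != "" {
			f = append([]string{block}, f...) // normalise to single-line form
		}
		if len(f) < 2 || f[1] != deprecated {
			continue
		}
		required = required || f[0] == "require"
		if i := strings.Index(line, "=>"); f[0] == "replace" && i >= 0 {
			replacement = strings.Join(strings.Fields(line[i+2:]), " ")
		}
	}
	return
}

func main() {
	req, repl := Audit(sample)
	fmt.Printf("requires %s: %v, replaced by: %q\n", deprecated, req, repl)
}
```

A result of required with an empty replacement means the build still resolves the old module path.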