feat: update go-jose to resolve x/crypto vuln

[AnthonyPoschen]

this resolves a CVE that popped up in one of our scans.

https://github.com/advisories/GHSA-v778-237x-gjrc

i was unable to run the tests to verify it had no impact.

[AnthonyPoschen]

ok so a quick summary,

the indirect in the go mod would get cleaned up with a go mod tidy, the docs i found about the go toolchain suggest requiring a higher level of something a downstream packages uses will default to the higher version provided they are the same major version which they are.