krakend-jose
replace go-jose.v2 with newer version because it is vulnerable to CVE-2024-28180
Based on the advisory in this link, the go-jose.v2 is vulnerable:
https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
I tried to fix in my local clone of krakend-jose, but it seems that the underlying dependency of go-auth0 also needs to be updated.
I might be able to send MRs for both of the repositories affected, but in this issue I just want to let you folks know that this vuln might be blocking some organizations that use trivy in their CI/CD pipeline.