Upgrade jwt library due to security vuln

[sc-zenokerr]

There is a vulnerability in the github.com/golang-jwt/jwt/v4 v4.5.0 dependency

https://osv.dev/vulnerability/GHSA-29wx-vh33-7x7r

The vulnerability is fixed in the next patch version 4.5.1

This library is used in a few other projects, so after this is updated, the relevant projects should be updated too,

go-scalingo/go.mod

Line 7 in 69cac00

github.com/golang-jwt/jwt/v4 v4.5.0

[EtienneM]

A good way to fix this issue would be to update to v5 of this package.

IMO we should change how we treat errors when calling jwt.ParseWithClaims:

go-scalingo/http/api_token_generator.go

Lines 42 to 47 in 69cac00

	token, err := jwt.ParseWithClaims(jwtToken, &apiJWTClaims{}, nil)
	// If token is nil, nothing has been parsed, if it's not, err will be a
	// ValidatingError we want to ignore
	if token == nil {
	return "", errgo.Notef(err, "fail to parse jwt token")
	}

The error is ignored, we only check for nil token. But from what I can see a token may be returned in case there is a jwt.ErrTokenSignatureInvalid error, hence accepting an invalid token.

golang-jwt/jwt@v4.5.0...v4.5.1#diff-83eb8e32639d01cf443d6d8bde24c1c8be78766090d8c5f8586c36250cfedca6R90-R94