Potential vulnerability in PyJWT dependency

https://github.com/advisories/GHSA-ffqj-6fqr-9h24

The issue is not that big as algorithms=jwt.algorithms.get_default_algorithms() has to be used. However, with quick googling, this seems to be used in some cases at least in some minor projects.

I think that means the SDK is OK, but wanted to log this in case we still want to play it safe and bump PyJWT to ~=2.4.