This repository was archived by the owner on Feb 5, 2026. It is now read-only.

fix(sec): upgrades node-jose from 0.9.5 to 2.2.0 (SEC-5572) #4

Draft
jcchavezs wants to merge 1 commit into auth0:master from jcchavezs:chore/SEC-5572

@jcchavezs jcchavezs commented Nov 18, 2025

✏️ Changes

What

This PR upgrades node-jose (direct dependency) from 0.9.5 to 2.2.0 as proposed in SEC-5572.

Reasoning

Found usages in code:

./encryption.js:1:import jose from 'node-jose';
./checkkey.js:1:var jose = require("node-jose")

  • I described the changes on this PR.

🔮 Type of Change

  • Standard

🔗 References

https://auth0team.atlassian.net/browse/SEC-5572

  • I added at least one link (task, slack thread, etc) to explain why this change is needed.

📖 Documentation

No user-facing changes have been introduced.

  • I reflected this change in the (internal and/or user-facing) documentation by either adding or updating docs or removing obsolete documentation, or added an explanation for why no documentation update is needed.

🎯 Testing

While this PR is only ready for review once the CI is green, we kindly ask the owners to conduct further testing and add screenshots before merging it.

  • This change has integration, unit, or performance test coverage. If it doesn't, I have explained why I wasn't able to add any.

🚀 Deployment

  • This change can support multiple releases of the code serving traffic at the same time.

🔥 Rollback

This is a library upgrade; reverting the PR is enough to roll back the change.

  • I explained what the rollback for this change will look like, how we can recover fast, etc.
