fix: replace python-jose with PyJWT for robust JWKS signature verification

python-jose failed to correctly construct RSA public keys from Microsoft
JWKS entries lacking an explicit alg field, causing signature verification
failures. Switch auth.py to PyJWT + jwt.algorithms.RSAAlgorithm.from_jwk()
which handles Entra JWKS correctly. Add cryptography explicitly to deps.
Update auth tests to remove unused python-jose fixture code.

backend/tests/test_auth.py

@@ -12,21 +12,6 @@ def reset_cache():
     auth.JWKS_CACHE["exp"] = 0
 
 
-@pytest.fixture
-def mock_jwks():
-    from Crypto.PublicKey import RSA
-    from jose.jwk import RSAKey
-    key = RSA.generate(2048)
-    rsa_key = RSAKey(key)
-    jwk_dict = {
-        "kty": "RSA",
-        "kid": "test-kid",
-        "n": rsa_key._key.n,
-        "e": rsa_key._key.e,
-    }
-    return rsa_key, jwk_dict
-
-
 def test_allowed_no_restrictions():
     assert _allowed({}, set(), set()) is True