github: bump to `jsonwebtoken` 9.x

Ben Boeckelrequested to merge
ben.boeckel/rust-ghostflow:cargo-audit-ring-update into master

This depends on ring 0.17 which fixes an AES overflow condition.

Avoids: https://rustsec.org/advisories/RUSTSEC-2025-0009

Merge request reports