
Commit 6f56f98

remyluslosius and claude committed
security: remove vulnerable python-jose dependency (Dependabot alert #14)
## Security Fix for CVE-2022-29217

### Vulnerability Details

- **Package**: python-jose < 3.4.0
- **Issue**: Algorithm confusion with OpenSSH ECDSA keys
- **Impact**: JWT signature bypass, authentication bypass
- **Dependabot Alert**: #14

### Resolution Applied

- ✅ Removed unused python-jose dependency from requirements.txt
- ✅ Application already uses pyjwt for JWT handling (not vulnerable)
- ✅ No code changes required - dependency was not in use

### Verification

- Searched entire codebase: no imports of 'jose' library found
- JWT functionality provided by pyjwt==2.8.0 (secure)
- Removes unnecessary attack surface from the application

This resolves Dependabot security alert #14 by eliminating the vulnerable dependency entirely.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
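The commit message describes two verification steps: that requirements.txt no longer installs python-jose, and that no source file imports `jose`. The script below is an added example that automates both checks offline; it is not the project's own code. The sample requirements file and the two sample modules (including a deliberately stale `app/legacy_tokens.py` that still imports `jose`, so the scanner has something to catch) are constructed here, and the names `FORBIDDEN_PACKAGES`, `FORBIDDEN_MODULES`, `audit_tree` and `run_demo` are this example's own. One caveat on the identifier in the message: the advisory it describes (python-jose below 3.4.0, algorithm confusion with OpenSSH ECDSA keys) is python-jose's CVE-2024-33663, while CVE-2022-29217 is the earlier PyJWT key-confusion advisory fixed in PyJWT 2.4.0, so confirm the ID against Dependabot alert #14 before closing it.

```python
"""Added example (not the project's code): audit that python-jose is gone from
requirements.txt and that nothing in the source tree still imports `jose`.
The sample tree is constructed in a temporary directory; all paths and file
contents below are assumptions for illustration."""
import ast
import re
import tempfile
from pathlib import Path

# Package name as pip sees it, and the import name that package provides.
# python-jose installs `jose`; its replacement pyjwt installs `jwt` (not flagged).
FORBIDDEN_PACKAGES = {"python-jose"}
FORBIDDEN_MODULES = {"jose"}

_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 style normalisation so Python_Jose, python.jose and python-jose match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def active_requirements(text):
    """Package names pip would actually install from a requirements file.
    Comment-only lines (such as a commented-out python-jose pin), blank lines
    and option lines (-r, -e, --index-url) are skipped; extras and pins are stripped."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a trailing comment is not a requirement
        if not line or line.startswith("-"):
            continue
        m = _REQ_NAME.match(line)
        if m:
            names.add(normalize(m.group(1)))
    return names


def imported_modules(source):
    """Top-level module names a Python source imports, found via the AST rather
    than grep so that strings or comments mentioning 'jose' do not count."""
    mods = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            mods.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            mods.add(node.module.split(".")[0])  # level > 0 is a relative import
    return mods


def audit_tree(root):
    """Return {'requirements': forbidden packages still active,
               'imports': sorted (relative path, module) pairs still importing them}."""
    root = Path(root)
    findings = {"requirements": set(), "imports": []}
    req = root / "requirements.txt"
    if req.is_file():
        active = active_requirements(req.read_text(encoding="utf-8"))
        findings["requirements"] = active & FORBIDDEN_PACKAGES
    for path in root.rglob("*.py"):
        try:
            mods = imported_modules(path.read_text(encoding="utf-8"))
        except (SyntaxError, UnicodeDecodeError):
            continue  # unparsable file; a real audit would report these separately
        for mod in mods & FORBIDDEN_MODULES:
            findings["imports"].append((path.relative_to(root).as_posix(), mod))
    findings["imports"].sort()
    return findings


def is_clean(findings):
    return not findings["requirements"] and not findings["imports"]


# Constructed sample: a requirements.txt shaped like the one after this commit,
# one module using pyjwt with the algorithm list pinned, and one stale module
# still importing jose (the commit message says the real tree had none).
SAMPLE_REQUIREMENTS = """\
pydantic-settings==2.1.0
# python-jose[cryptography]==3.3.0 # Removed - using pyjwt instead (CVE fix)
pyjwt==2.8.0
passlib[bcrypt]==1.7.4
"""
SAMPLE_FILES = {
    "app/auth.py": (
        "import jwt\n\n"
        "def verify(token, key):\n"
        "    # algorithms pinned explicitly: never let the token header choose\n"
        "    return jwt.decode(token, key, algorithms=['HS256'])\n"
    ),
    "app/legacy_tokens.py": "from jose import jwt as jose_jwt  # stale, should be gone\n",
}


def run_demo():
    """Write the constructed tree to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "requirements.txt").write_text(SAMPLE_REQUIREMENTS, encoding="utf-8")
        for rel, body in SAMPLE_FILES.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        return audit_tree(root)


if __name__ == "__main__":
    result = run_demo()
    print(result)  # requirements clean, one stale import flagged
    print("clean" if is_clean(result) else "NOT clean")
```

Run it against a real checkout with `audit_tree(".")`; the requirements check deliberately parses only active lines, so the commented-out pin left by this commit counts as removed, and the import check uses the AST so a `jose` mention in a docstring or comment does not produce a false positive.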
1 parent 7335a80 commit 6f56f98

1 file changed: 1 addition & 1 deletion

requirements.txt
@@ -10,7 +10,7 @@ celery==5.3.4
1010
redis==5.0.1
1111
pydantic[email]==2.5.0
1212
pydantic-settings==2.1.0
13-
python-jose[cryptography]==3.3.0
13+
# python-jose[cryptography]==3.3.0 # Removed - using pyjwt instead (CVE fix)
1414
passlib[bcrypt]==1.7.4
1515
python-multipart==0.0.6
1616
aiofiles==23.2.1
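Review bot: the dependency is commented out rather than deleted (the `+` line keeps `# python-jose[cryptography]==3.3.0 # Removed - using pyjwt instead (CVE fix)`), and the comment says "CVE fix" without naming the advisory or the Dependabot alert; since the commit message says the package was unused, delete the line outright, or if a breadcrumb is wanted, put the alert number or CVE ID in the comment so a later reader can verify it. Two follow-ups from the same hunk: the removed line carried the `[cryptography]` extra, so if anything else in the project relied on `cryptography` arriving transitively it now needs its own pin, and the pyjwt pin the message relies on is not in this hunk's context lines, so confirm it is present in this file and reflected in whatever lock file or `pip freeze` output deployments actually install from.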
