feat: Replace spring-security-jwt with nimbus-jose-jwt

[saurabhgangal]

I've replaced org.springframework.security.jwt with com.nimbusds.nimbus-jose-jwt (version 10.3).

The org.springframework.security.jwt library does not correctly handle tokens with typ="at+jwt". nimbus-jose-jwt is a more robust library for handling various JWT/JOSE specifications and provides the necessary functionality.

Changes include:

• I updated pom.xml to swap the JWT library dependencies.
• I refactored JwtTokenVerifierBuilder.java, OAuth2DataAccessTokenServiceImpl.java, and OAuth2TokenAuthenticationProvider.java to use the Nimbus library for JWT parsing, signature verification (via JWKS), and claims extraction.

Your existing tests are expected to cover this change as it's primarily a library replacement for underlying token processing.

Fix # (see https://help.github.com/en/articles/closing-issues-using-keywords)

Checks

• The commit log is comprehensible. It follows 7 rules of great commit messages. We can fix this during merge by using a squash+merge if necessary
• Has tests or has a separate issue that describes the types of test that should be created. If no test is included it should explicitly be mentioned in the PR why there is no test.
• Is this PR adding logic based on one or more clinical attributes? If yes, please make sure validation for this attribute is also present in the data validation / data loading layers (in backend repo) and documented in File-Formats Clinical data section!
• Make sure your PR has one of the labels defined in https://github.com/cBioPortal/cbioportal/blob/master/.github/release-drafter.yml

Any screenshots or GIFs?

If this is a new visual feature please add a before/after screenshot or gif
here with e.g. Giphy CAPTURE or Peek

Notify reviewers

Read our Pull request merging
policy. It can help to figure out who worked on the
file before you. Please use git blame <filename> to determine that
and notify them either through slack or by assigning them as a reviewer on the PR