fix(security): replace python-jose with PyJWT to eliminate ecdsa CVEs

Snyk scan found 3 High severity vulns: two in ecdsa (pulled by python-jose)
and one in diskcache (pulled by pySigma, never imported). Remove both
vulnerable dependencies and migrate JWT handling to PyJWT. Fix
test_logout_revokes_token which broke because test stubs sys.modules[jose]
with a MagicMock at collection time; test now uses PyJWT directly.
kitos
2026-06-11 09:06:16 +02:00
parent d2a46feba8
commit 1f19bd8432
6 changed files with 18 additions and 15 deletions
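As an added example, not code from this commit or the project: the issue / verify / revoke flow a service ends up with after moving from python-jose to PyJWT, including the logout-revocation path the fixed test exercises. Everything in it is an assumption, since the page shows none of the project's auth code: HS256 with a shared secret, a `jti` claim, the claim names, and an in-memory revocation set standing in for the real store.

```python
"""Added example (not the project's code): JWT issue / verify / revoke with PyJWT.

Assumptions: HS256 with a shared secret, a ``jti`` claim used for revocation,
and an in-memory set standing in for the project's revocation store.
"""
import time
import uuid
from typing import Dict, Optional, Set

import jwt  # PyJWT, the dependency this commit adds in place of python-jose

ALGORITHM = "HS256"
# Constructed secret for the example only; a real service loads it from config.
SECRET = "constructed-example-secret-not-for-production-use-32plus"

# Stand-in for the project's revocation store (assumption).
_revoked_jti: Set[str] = set()


def issue_token(subject: str, ttl_seconds: int = 900, *,
                key: str = SECRET, algorithm: str = ALGORITHM) -> str:
    """Sign a short-lived token carrying a unique jti so it can be revoked.

    ``algorithm`` is parameterised only so the rejection path in
    verify_token can be exercised; a real issuer hard-codes it.
    """
    now = int(time.time())
    payload = {
        "sub": subject,
        "iat": now,
        "exp": now + ttl_seconds,
        "jti": uuid.uuid4().hex,
    }
    return jwt.encode(payload, key, algorithm=algorithm)


def verify_token(token: str, *, key: str = SECRET) -> Optional[Dict]:
    """Return the claims if the token is valid and not revoked, else None.

    PyJWT refuses to decode without an explicit ``algorithms`` list, which is
    what closes the alg-confusion hole; ``require`` rejects tokens that omit
    the claims the revocation check depends on.
    """
    try:
        claims = jwt.decode(
            token,
            key,
            algorithms=[ALGORITHM],
            options={"require": ["exp", "sub", "jti"]},
        )
    except jwt.InvalidTokenError:
        # Bad signature, disallowed alg, expired, missing claims, garbage input.
        return None
    if claims["jti"] in _revoked_jti:
        return None
    return claims


def revoke_token(token: str, *, key: str = SECRET) -> bool:
    """Logout: record the jti of a *verified* token.

    Returns False when the token is invalid or already revoked; an
    unverified jti must never be written into the store.
    """
    claims = verify_token(token, key=key)
    if claims is None:
        return False
    _revoked_jti.add(claims["jti"])
    return True


if __name__ == "__main__":
    t = issue_token("alice")
    print("valid before logout:", verify_token(t) is not None)
    print("revoked:", revoke_token(t))
    print("valid after logout:", verify_token(t) is not None)
```

The behavioural difference from python-jose worth knowing when porting: `jose.jwt.decode` would fall back to the `alg` in the token header when no algorithms were given, while PyJWT raises if `algorithms` is omitted, so every call site has to state the allow-list. The `require` option matters for the revocation check too, since a token without a `jti` would otherwise sail past the denylist lookup.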
+1 -2
@@ -3,14 +3,13 @@ uvicorn[standard]
sqlalchemy
psycopg2-binary
alembic
python-jose[cryptography]
PyJWT
passlib[bcrypt]
bcrypt==4.0.1
boto3
apscheduler
requests
pyyaml
pySigma
toml
taxii2-client
python-multipart
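Review bot: the added `PyJWT` line carries no extra, and plain PyJWT ships only the HMAC (HS*) algorithms; the removed line was `python-jose[cryptography]`, so if any token in this service is signed or verified with RS*/ES* the new line needs to be `PyJWT[crypto]`, otherwise `jwt.decode(..., algorithms=[...])` fails at runtime with an unsupported-algorithm error. Worth confirming which algorithms the migrated code actually passes before merging. Secondary point: `bcrypt==4.0.1` is pinned while `PyJWT` is not, so the Snyk-clean resolution this commit produces is not reproducible; pin it (or add a lock file) so a later resolve cannot pull a different version.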