all: upgrade dependencies to resolve golang.org/x/oauth2/jws vulnerability

[thomasschafer]

As shown here, golang.org/x/oauth2/jws versions below 0.27.0 have a sev. 8.7 vulnerability. This PR bumps the versions of those dependencies.

I also had to bump the Go version to enable the upgrade:

go: cloud.google.com/go/[email protected] requires [email protected], but 1.21.0 is requested

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[thomasschafer]

Getting a 400 error when I try and sign the CLA, I agree to the terms of the CLA if it's possible to override the blocked pipeline, otherwise I'm happy to sign when the form is fixed!

[vangent]

We generally prefer to update dependencies in bulk periodically; you can of course update the dependency in your application to avoid the vulnerability.