Fix JWT CVE: upgrade jwt to 3.2.0 in oc-id and chef-server-ctl

[jashaik]

jwt < 3.2.0 accepts attacker-forged tokens when an empty string key is used (empty-key HMAC bypass). JWT.decode with key '', nil, or a keyfinder returning '' would verify any signature via OpenSSL HMAC.

• Pin jwt >= 3.2.0 in src/oc-id/Gemfile
• Bump jwt 3.1.2 -> 3.2.0 in both Gemfile.lock files

Description

[Please describe what this change achieves]

Issues Resolved

[List any existing issues this PR resolves, or any Discourse or
StackOverflow discussions that are relevant]

Check List

• New functionality includes tests
• All buildkite tests pass
• Full omnibus build and tests in buildkite pass
• All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/main/CONTRIBUTING.md#developer-certification-of-origin-dco
• PR title is a worthy inclusion in the CHANGELOG

[netlify]

👷 Deploy Preview for chef-server processing.

Name	Link
🔨 Latest commit	e63c74c
🔍 Latest deploy log	https://app.netlify.com/projects/chef-server/deploys/6a0f13d1667534000811b7b6