Upgrade jsonwebtoken to address security vulnerability (Azure#24340)

### Packages impacted by this PR
@azure/identity, @azure/web-pubsub, @azure/web-pubsub-express, and @azure/web-pubsub-client

Live tests runs:
- [Identity](https://dev.azure.com/azure-sdk/internal/_build/results?buildId=2081318&view=results)
- [webpubsub](https://dev.azure.com/azure-sdk/internal/_build/results?buildId=2081328&view=results)

### Issues associated with this PR
Fixes Azure#24337
Fixes Azure#24336
Fixes Azure#24334

### Describe the problem that is addressed by this PR
There is a security vulnerability in v8 of the jsonwebtoken library. However, I can't shake the vulnerable version off our lock file completely because @azure/msal-node depends on it and they didn't make a release with the upgraded dependency yet, [see my comment on their PR](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/5503/files#r1058120234).

### What are the possible designs available to address the problem? If there are more than one possible design, why was the one in this PR chosen?
N/A

### Are there test cases added in this PR? _(If not, why?)_
N/A

### Provide a list of related PRs _(if any)_
N/A

### Command used to generate this PR:**_(Applicable only to SDK release request PRs)_

### Checklists
- [x] Added impacted package name to the issue description
- [ ] Does this PR needs any fixes in the SDK Generator?** _(If so, create an Issue in the [Autorest/typescript](https://github.com/Azure/autorest.typescript) repository and link it here)_
- [x] Added a changelog (if necessary)

Author: deyaaeldeen

common/config/rush/pnpm-lock.yaml

@@ -128,7 +128,7 @@
     "@azure/test-utils": "^1.0.0",
     "@microsoft/api-extractor": "^7.31.1",
     "@types/chai": "^4.1.6",
-    "@types/jsonwebtoken": "~8.5.0",
+    "@types/jsonwebtoken": "^9.0.0",
     "@types/jws": "^3.2.2",
     "@types/mocha": "^7.0.2",
     "@types/ms": "^0.7.31",
@@ -141,7 +141,7 @@
     "dotenv": "^16.0.0",
     "eslint": "^8.0.0",
     "inherits": "^2.0.3",
-    "jsonwebtoken": "^8.5.1",
+    "jsonwebtoken": "^9.0.0",
     "karma": "^6.2.0",
     "karma-chrome-launcher": "^3.0.0",
     "karma-coverage": "^2.0.0",

sdk/identity/identity/package.json

@@ -76,7 +76,7 @@
     "@types/chai-as-promised": "^7.1.5",
     "@types/express": "^4.16.0",
     "@types/express-serve-static-core": "^4.17.19",
-    "@types/jsonwebtoken": "~8.5.0",
+    "@types/jsonwebtoken": "^9.0.0",
     "@types/mocha": "^7.0.2",
     "@types/node": "^12.0.0",
     "@types/sinon": "^9.0.4",

sdk/web-pubsub/web-pubsub-client/package.json

@@ -65,7 +65,7 @@
     "@types/chai": "^4.1.6",
     "@types/express": "^4.16.0",
     "@types/express-serve-static-core": "^4.17.19",
-    "@types/jsonwebtoken": "~8.5.0",
+    "@types/jsonwebtoken": "^9.0.0",
     "@types/mocha": "^7.0.2",
     "@types/node": "^14.0.0",
     "@types/sinon": "^9.0.4",

sdk/web-pubsub/web-pubsub-express/package.json

@@ -10,6 +10,8 @@
 
 ### Other Changes
 
+- Bumped the version of the jsonwebtoken dependency to v9.
+
 ## 1.1.0 (2022-11-11)
 
 ### Features Added

sdk/web-pubsub/web-pubsub/CHANGELOG.md

@@ -75,7 +75,7 @@
     "@azure/core-tracing": "^1.0.0",
     "@azure/logger": "^1.0.0",
     "tslib": "^2.2.0",
-    "jsonwebtoken": "^8.5.1"
+    "jsonwebtoken": "^9.0.0"
   },
   "devDependencies": {
     "@azure/dev-tool": "^1.0.0",
@@ -85,7 +85,7 @@
     "@azure-tools/test-recorder": "^2.0.0",
     "@microsoft/api-extractor": "^7.31.1",
     "@types/chai": "^4.1.6",
-    "@types/jsonwebtoken": "~8.5.0",
+    "@types/jsonwebtoken": "^9.0.0",
     "@types/mocha": "^7.0.2",
     "@types/node": "^14.0.0",
     "@types/sinon": "^9.0.4",