[Task]: Migrate off passlib to pwdlib

[emma-sg]

Description

Related to #3162.

We've kicked the pkg_resources issue down the line by pinning setuptools to an older version, but the proper fix here is to migrate off of passlib to another library, most likely pwdlib.

This might also be a good opportunity to start migrating password hashes to argon2 from bcrypt.

Also from #3220, might be worth adding an options param to when we decode & verify JWTs to enforce that they must have an expiry & audience.

Context

No response