Fix JWT security issues in signaling and alert servers (FRE-4497)

- Replace custom JWT parser with jsonwebtoken library (timing-safe HMAC)
- Prefer Authorization header over URL query for token extraction
- Add jsonwebtoken + @types/jsonwebtoken to server dependencies

Co-Authored-By: Paperclip <noreply@paperclip.ing>

server/package.json

@@ -1,6 +1,8 @@
 {
   "dependencies": {
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/ws": "^8.18.1",
+    "jsonwebtoken": "^9.0.3",
     "ws": "^8.20.0"
   }
 }