Add web-token/jwt-framework ^4.0 support #219

Open
amitsamtani wants to merge 1 commit into CyberSource:master from amitsamtani:feature/jwt-framework-4x-support

Conversation

@amitsamtani

Summary

This PR adds support for web-token/jwt-framework v4.x, which is required for compatibility with Symfony 8 and Laravel 13.

Currently, the SDK constrains web-token/jwt-framework to ^2.2.11|^3.3.5. Since v3.x depends on Symfony <8 components, any project using Laravel 13 (which requires Symfony 8) cannot install cybersource/rest-client-php due to dependency conflicts.

Changes

composer.json

  • Widened constraint: ^2.2.11|^3.3.5 → ^2.2.11|^3.3.5|^4.0

lib/Authentication/Util/MLEUtility.php

  • Removed CompressionMethodManager and Deflate imports and usage (removed in jwt-framework 4.0 per RFC 8725 Section 3.6)
  • Simplified JWEBuilder constructor to accept a single AlgorithmManager (4.0 API)

lib/Authentication/Util/JWE/JWEUtility.php

  • Same compression removal and constructor simplification for JWEDecrypter in both decryptJWEUsingPEM() and decryptJWEUsingPrivateKey()
  • Merged separate key encryption and content encryption AlgorithmManager instances into one (4.0 API)

Why

  • web-token/jwt-framework 4.0 removed compression support following RFC 8725 security recommendations
  • JWEBuilder and JWEDecrypter constructors were simplified to accept a single AlgorithmManager instead of separate managers
  • These are the only breaking changes that affect this SDK

Testing

  • Verified dependency resolution succeeds with web-token/jwt-framework 4.1.4 + Symfony 8 + Laravel 13
  • Existing SDK behavior is preserved — encryption/decryption logic is unchanged, only the framework API surface was updated

…ompatibility

The jwt-framework 4.0 removed compression classes (CompressionMethodManager,
Deflate) per RFC 8725 Section 3.6, and simplified JWEBuilder/JWEDecrypter
constructors to accept a single AlgorithmManager.

Changes:
- Remove CompressionMethodManager and Deflate usage from MLEUtility and JWEUtility
- Simplify JWEBuilder/JWEDecrypter constructors to single AlgorithmManager
- Widen composer.json constraint to ^2.2.11|^3.3.5|^4.0

This unblocks Laravel 13 which requires Symfony 8 components.
@martinolson

Adding our voice in support of this PR — we maintain a Laravel-based e-commerce platform powering payment processing for several merchants, and cybersource/rest-client-php (with MLE) is a critical part of our stack.

We've just been blocked from upgrading to Laravel 13 by the same dependency chain this PR addresses:

  • Laravel 13 requires brick/math ^0.14.2 || ^0.15 || ^0.16 || ^0.17
  • The current SDK requires web-token/jwt-framework ^2.2.11 || ^3.3.5
  • Every web-token/jwt-framework v3.x release pins brick/math ^0.9 || ^0.10 || ^0.11 || ^0.12 — empty intersection with Laravel 13
  • Only web-token/jwt-framework v4.x supports brick/math ^0.14+

The changes in this PR are correct: dropping the compression manager (per RFC 8725 §3.6), simplifying the JWEBuilder/JWEDecrypter constructors to a single AlgorithmManager. We've confirmed those are the only breaking changes in web-token/jwt-framework v4 that affect the MLE code in this SDK.

Could the maintainers please review and ship this in the next release? Until then, anyone running CyberSource MLE is stuck on Laravel 12 / Symfony 7. Happy to test against a release candidate if that helps.
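
Added example (not code from this PR or from the SDK): because the change drops compression support, a check like the one below reports whether a compact JWE declares the `zip` header parameter defined in RFC 7516, without decrypting anything. The function names and the sample tokens are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decode the protected header of a compact JWE (RFC 7516) without decrypting it.
 * Returns null when the input is not a well-formed five-part compact JWE.
 */
function jweProtectedHeader(string $token): ?array
{
    $parts = explode('.', trim($token));
    if (count($parts) !== 5 || $parts[0] === '') {
        return null;
    }
    // base64url -> base64; strict mode rejects characters outside the alphabet.
    $b64 = strtr($parts[0], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    if ($json === false) {
        return null;
    }
    $header = json_decode($json, true);
    return is_array($header) ? $header : null;
}

/** True when the header declares "zip", i.e. the plaintext was compressed. */
function jweDeclaresCompression(string $token): bool
{
    $header = jweProtectedHeader($token);
    return $header !== null && array_key_exists('zip', $header);
}

// Constructed samples: only the header is meaningful, the other four
// segments are dummy text and are never decoded.
function sampleToken(array $header): string
{
    $h = rtrim(strtr(base64_encode(json_encode($header)), '+/', '-_'), '=');
    return $h . '.ek.iv.ct.tag';
}

$samples = [
    'plain'      => sampleToken(['alg' => 'RSA-OAEP-256', 'enc' => 'A256GCM']),
    'compressed' => sampleToken(['alg' => 'RSA-OAEP-256', 'enc' => 'A256GCM', 'zip' => 'DEF']),
    'malformed'  => 'not.a.jwe', // three segments, so the header is not parsed
];

foreach ($samples as $name => $token) {
    printf("%-10s zip declared: %s\n", $name, jweDeclaresCompression($token) ? 'yes' : 'no');
}
```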
