Removed unused authentication library flagged by CVE-2026-27962
Removed an unused authentication library that customer dependency scanners were flagging for CVE-2026-27962, a JWT signature-verification bypass via attacker-controlled key material in the token header. The vulnerable call path never existed in the gateway; JWT handling uses a different, unaffected library. Even so, the unused dependency was still surfacing in compliance reports.
Removing the dependency cleans up scanner findings and prevents a future change from inadvertently introducing the unsafe call before an upstream fix lands. A regression test asserts the library cannot be re-added or imported without failing the build.
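One way a build guard of this kind could look, as an added example rather than the gateway's actual regression test. It assumes a Python code base with a requirements-style manifest; `example-auth-lib` and `example_auth_lib` are placeholder names, because this entry does not name the removed library.

```python
import ast
import re

# Placeholder names (assumption): the release note does not name the library.
BANNED_DIST = "example-auth-lib"    # distribution name as written in manifests
BANNED_MODULE = "example_auth_lib"  # top-level import name

def normalize(name):
    """PEP 503 normalization: case-insensitive; runs of '-', '_', '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def manifest_violations(manifest_text, banned=BANNED_DIST):
    """Return line numbers of requirement lines that pull in the banned distribution."""
    hits = []
    for lineno, raw in enumerate(manifest_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)  # leading project name
        if m and normalize(m.group(0)) == normalize(banned):
            hits.append(lineno)
    return hits

def import_violations(source, banned=BANNED_MODULE):
    """Return line numbers of absolute imports of the banned module or a submodule."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module or ""]
        else:
            continue
        if any(n == banned or n.startswith(banned + ".") for n in names):
            hits.append(node.lineno)
    return sorted(hits)

# Constructed sample inputs, not taken from the gateway's repository.
SAMPLE_MANIFEST = """\
requests==2.31.0
Example_Auth.Lib[crypto]>=2.0   # re-added under a different spelling
# example-auth-lib==1.0  (commented out, must not trigger)
example-auth-lib-extras==0.3
"""
SAMPLE_SOURCE = """\
import json
import example_auth_lib.jwt as j
from example_auth_lib import verify
from example_auth_lib_shim import x
from . import example_auth_lib
"""
```

In a build, the test would run both functions over the real manifest and source tree and fail if either list is non-empty.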
No action required.