This PR updates composer dependencies within minor versions.

I did a code review for suspicious code on the following 3rd party extensions

• altcha-org/altcha (v1.2.0 => v1.3.0)
• dragonmantank/cron-expression (v3.4.0 => v3.6.0)
• lcobucci/clock (3.3.1 => 3.5.0)
• phpseclib/phpseclib (3.0.46 => 3.0.47)
• spomky-labs/cbor-php (3.1.1 => 3.2.2)
• spomky-labs/pki-framework (1.3.0 => 1.4.0)
• theseer/tokenizer (1.2.3 => 1.3.1)
• web-token/jwt-library (3.4.8 => 3.4.9)

Other dependencies like symfony has not been checked because I expect enough other people reviewing the code bases or are trustworthy for other reasons.

I also added the Webauthn library to the audit ignore list, we are well aware of this outdated version, but I our Webauthn plugin needs to be updated to use a newer version, which has not been done yet.