Handle PyJWT 2.6.0 ImmatureSignatureError

If tokens are issued too far in the future, PyJWT >=2.6.0 now seems to
throw ImmatureSignatureError rather than InvalidIssuedAtError, which is
what we expect.

As we don't catch the new error correctly this bubbles up and causes a
test failure on
test_should_reject_token_that_is_just_out_of_bounds_futured.

So now we're potentially validating `iat` in two places, depending on
which version of PyJWT users have installed. We still need to do the
check locally in case users are on <2.6.0.