PyJWT is a very brittle and cumbersome dependency that expects several
cryptography libraries to be already installed on the system, and it can
lead to hard-to-debug errors when ported to different systems.
Moreover, it installs the whole `cryptography` package, which is several
MBs in size, takes time to compile, and it requires a Rust compiler to
be present on the target machine.
Platypush will now use the Python-native `rsa` module to handle JWT
tokens.
`UserManager.get_users` should not return a reference to the query
object, since the query object will be invalidated as soon as the
connection is closed.
Instead, it should return directly the list of `User` objects.
- The `declarative_base` instance should be shared
- Database `session_locks` should be stored at module, not instance
level
- Better isolation of scoped sessions
- Enclapsulated `get_session` method in `UserManager`