Nameko-keycloak

------------------

* [Likely breaking change] Upgrade python-keycloak to 4.x and switch from
python-jose to jwcrypto. If you rely on catching exceptions from the
underlying JWT library yourself, you need to update that code.
* Don't engage failure hook when refresh token expires. This is a legitimate
use case and not an error.

------------------

* [Breaking change] Switch to HttpOnly cookies. This means that frontend
apps can no longer access the tokens.
* Drop support for Python 3.8.

------------------

* Building package with pyproject.toml

------------------

* Relax upper bounds on python-keycloak.

------------------

* Add support for nameko 3.0 RC.

------------------

* Add Secure=true flag to all cookies. This requires serving over HTTPS only,
but you should be doing that already if you care about security.