[chore]: Bump github.com/SherClockHolmes/webpush-go from 1.3.0 to 1.4.0 (#3694)

Bumps [github.com/SherClockHolmes/webpush-go](https://github.com/SherClockHolmes/webpush-go) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/SherClockHolmes/webpush-go/releases)
- [Commits](https://github.com/SherClockHolmes/webpush-go/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/SherClockHolmes/webpush-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

vendor/github.com/SherClockHolmes/webpush-go/vapid.go

@@ -5,12 +5,12 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"encoding/base64"
-	"fmt"
 	"math/big"
 	"net/url"
+	"strings"
 	"time"
 
-	"github.com/golang-jwt/jwt"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 // GenerateVAPIDKeys will create a private and public VAPID key pair
@@ -72,10 +72,15 @@ func getVAPIDAuthorizationHeader(
 		return "", err
 	}
 
+	// Unless subscriber is an HTTPS URL, assume an e-mail address
+	if !strings.HasPrefix(subscriber, "https:") {
+		subscriber = "mailto:" + subscriber
+	}
+
 	token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
-		"aud": fmt.Sprintf("%s://%s", subURL.Scheme, subURL.Host),
-		"exp": expiration.Unix(),
-		"sub": fmt.Sprintf("mailto:%s", subscriber),
+		"aud": subURL.Scheme + "://" + subURL.Host,
+		"exp": time.Now().Add(time.Hour * 12).Unix(),
+		"sub": subscriber,
 	})
 
 	// Decode the VAPID private key
@@ -98,11 +103,7 @@ func getVAPIDAuthorizationHeader(
 		return "", err
 	}
 
-	return fmt.Sprintf(
-		"vapid t=%s, k=%s",
-		jwtString,
-		base64.RawURLEncoding.EncodeToString(pubKey),
-	), nil
+	return "vapid t=" + jwtString + ", k=" + base64.RawURLEncoding.EncodeToString(pubKey), nil
 }
 
 // Need to decode the vapid private key in multiple base64 formats