My application needs to access all Box user accounts in the Box enterprise. I'm trying to decide whether to use "Server Authentication (with JWT)" or "Server Authentication (Client Credentials Grant)". Using JWT requires an additional public/private key. Is this authentication option more secure? When should I use one versus the other?