update itsdangerous restriction to ~=2.0

[ralequi]

This may help (or even fix, dunno yet) issue #55

Why should we upgrade itsdangerous package?

• From my point of view there is no reason not to do so, but for possible compatibility reasons. The package that should restrict it is webservices but does not impose any restriction
• It seems there may be other packages that may require a greater version. This may cause an incompatibility issue.
• It seems that the version itself does not matter at all while both, client & server keeps the same version installed

Why we should not remove every restriction on the package and leave to webservices package?

• It seems that there were some break changes in earlier versions.
• It may help to have some "greater" version pinning, as it may force to keep the same version range on both: client and server.

So why version ~2.0 ? (It's equivalent to >=2.0, <3.0)

• There is no really a great reason for this. ~1.0 may work perfectly.
• Maybe the best argument to put ~2.0 instead of ~1.0 is to try to keep that restriction as updated as we could.

[GaretJax]

Thanks for the PR @ralequi. Sadly we need a way to keep the pre-1.0 generated signature format for compatibility with clients that we do not have control on.
Maybe vendoring in the dependency would be a better approach.