It would be useful from a security point of view if it was possible to use the JIRA cloud user API tokens instead of a password to save the password being listed or if mandatory 2fa on passwords is enabled

I agree.
Pull requests are more than welcome :)

I update the script to work w/ API tokens, instead of personal authentication because your right and this is the best practice in this case.