Hi Robert,
Using M2M (aka Client Credentials) will definitely work in your case. There are other approaches (as you note) that work too.
JWTs are performant: verification of a JWT only requires the signing keys, and those should be cached.
JWTs can be renewed - actually, the client API requests a new JWT from Auth0 when the old JWT expires, but as this is M2M there is no human interaction or UI to do this.
John