SpringBoot Validate the aud claim in OAuth2 resource server

Configure a new optional property for audience in resource server. Validate the audience claim in JWT if the audience property is provided.

Closes #28427

Comment From: fstorz

The changes in this PR only apply the audience validation if decoder is configured via "jwk-set-uri". Would it make sense to also provide this feature when decoder is configured via "issuer-uri"?

Comment From: snicoll

@ahmedmq thank you for making your first contribution to Spring Boot.

Comment From: mrodal

This feature is not mentioned in the docs, in fact audience validation is shown as an example for custom validators:

https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html#oauth2resourceserver-jwt-validation-custom

This feature should be in the docs

Comment From: snicoll

@mrodal thanks for the nudge. Going forward, rather than commenting on a closed PR, please create an issue to request a change in the documentation. I've done that in #34848.

Comment From: mrodal

got it, thanks!