Add audiences to security token descriptor #2575

Merged
merged 75 commits into from
Jun 22, 2024

Contributor

@JoshLozensky JoshLozensky commented Apr 30, 2024

Added SecurityTokenDescriptor.Audiences member.

Description

Enabling customers to easily add multiple Audiences to the Aud claim in accordance with the JSON Web Token RFC (7519 section 4.1.3).

  • Added SecurityTokenDescriptor.Audiences member and adjusted logic to support customers using it instead of or in addition to SecurityTokenDescriptor.Audience. Some of the code is designed to be removed once we deprecate SecurityTokenDescriptor.Audience as noted in the code comments.
  • Added logic and unit tests to 4 flows to support the new member:
    • JwtSecurityTokenHandler
    • JsonWebTokenHandler
    • SamlSecurityTokenHandler
    • and Saml2SecurityTokenHandler.
  • Created 3 new benchmark tests to assess impact of the new member and design choices

Benchmark Results:

The increase in allocation and time taken when using multiple audiences is partly expected; it takes longer to work with multiple strings than a single string.

| Method | Mean | Error | StdDev | Median | P90 | P95 | P100 | Allocated |
|---|---|---|---|---|---|---|---|---|
| Dev-JsonWebTokenHandler_CreateToken | 628.6 us | 0.91 us | 1.95 us | not given | 630.6 us | 631.9 us | 636.5 us | 7.02 KB |
| PR-JsonWebTokenHandler_CreateToken | 626.4 us | 0.61 us | 1.28 us | 626.1 us | 627.9 us | 629.1 us | 631.2 us | 7.02 KB |
| PR-..._SingleAudienceUsingAudiencesMemberOnly | 625.7 us | 0.52 us | 1.12 us | 625.3 us | 627.1 us | 627.7 us | 628.4 us | 7.08 KB |
| PR-..._MultipleAudiencesMemberOnly | 625.2 us | 0.33 us | 0.69 us | 625.2 us | 625.9 us | 626.5 us | 627.6 us | 8.02 KB |
| PR-..._MultipleAudiencesMemberAndClaims | 625.7 us | 0.50 us | 1.05 us | 625.4 us | 627.0 us | 627.8 us | 628.7 us | 8.02 KB |

Fixes #1479
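
A usage example for the member described above, added here and not taken from the PR or the project's own code: it issues a token with two audiences through JsonWebTokenHandler, then validates it as two different relying parties. The issuer and audience strings are constructed, and it assumes a package version that contains this change and that `Audiences` is an initialized string collection.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

class AudiencesExample
{
    static async Task Main()
    {
        // Constructed 256-bit HMAC key; a throwaway value for this demo only.
        var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));

        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = "https://issuer.example",           // constructed value
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
        };
        // Assumption: Audiences is an initialized collection that can be added to.
        descriptor.Audiences.Add("api://orders");        // constructed audience
        descriptor.Audiences.Add("api://inventory");     // constructed audience

        var handler = new JsonWebTokenHandler();
        string jwt = handler.CreateToken(descriptor);

        // Read the aud claim back from the issued token.
        Console.WriteLine(string.Join(", ", handler.ReadJsonWebToken(jwt).Audiences));

        // Each relying party validates against its own identifier only.
        foreach (string me in new[] { "api://orders", "api://billing" })
        {
            var result = await handler.ValidateTokenAsync(jwt, new TokenValidationParameters
            {
                ValidIssuer = "https://issuer.example",
                ValidAudience = me,
                IssuerSigningKey = key,
            });
            // api://orders is listed in aud; api://billing is not and must be rejected.
            Console.WriteLine($"{me}: IsValid={result.IsValid} {result.Exception?.GetType().Name}");
        }
    }
}
```

Every audience listed in the token is a party that will accept it, so an issuer should list only the services the token is meant for, and each service should validate against its own identifier rather than a shared list.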

@JoshLozensky JoshLozensky marked this pull request as ready for review May 14, 2024 20:08
@JoshLozensky JoshLozensky requested a review from a team as a code owner May 14, 2024 20:08
@JoshLozensky JoshLozensky changed the title Lozensky/add audiences to security token descriptor Add audiences to security token descriptor Jun 19, 2024
@brentschmaltz brentschmaltz merged commit 55cc10e into dev Jun 22, 2024
4 checks passed
@JoshLozensky JoshLozensky deleted the lozensky/AddAudiencesToSecurityTokenDescriptor branch June 22, 2024 01:21
Development

Successfully merging this pull request may close these issues.

SecurityTokenDescriptor Audience is a string, but is should be an array of strings.