Changelog: Audience was not checked in versions < 0.14.0 (2024-01-22)

[lcmgh]

On 0.14 token validation fails with an InvalidAudience error when .validation(Validation::new().aud(&[config.audience])) is not set. Prior 0.14 one had to validate audience on its own and skipping .validation was not a problem.

Would have been helpful if this breaking change were mentioned in the CHANGELOG.

[Bromles]

This was a very unpleasant surprise during the update, especially considering that the error occurs only in runtime.

For my specific use case, I cannot check the audience when validating the token. And, interestingly, the jsonwebtoken crate that this library uses allows to disable this check. But here the validation options do not provide such an opportunity. I really don't want to fork just to add 1 new validation option, but if it doesn't get fixed I'll have to do this

[Bromles]

Made a quick PR to fix this

#48