Restore account linking on newest keycloak versions

[mshaposhnik]

What does this PR do?

Since in newer Keycloak versions meaning of aud claim changed a little, so it is not contains name of the client who requested token anymore. This information is stored in the azp claim value, which is right place for it (see https://www.iana.org/assignments/jwt/jwt.xhtml). So we must read it from here.

What issues does this PR fix or reference?

#13380

Release Notes

N/A

Docs PR

N/A

[mshaposhnik]

ci-test

[dmytro-ndp]

@mshaposhnik: thanks for quick fixup!
CRW 1.2 requires having this fix in 6.19.x branch as well.
Could you, please, create separate PR to merge fixup into 6.19.x branch?

[mshaposhnik]

@dmytro-ndp usually we do cherry-picks from master after commit is merged.

[che-bot]

Results of automated E2E tests of Eclipse Che Multiuser on OCP:
Build details
Test report
docker image: eclipseche/che-server:13398
https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

[dmytro-ndp]

E2E selenium tests results for github integration look good.

[dmytro-ndp]

@mshaposhnik: I have created PR #13401 to make it possible to test it as Che 6.x using CRW 1.2.

[matskiv]

Is this change backwards compatible with RH SSO 7.2?

I am having problems with GitHub auth via SSO 7.2.
Client [che-client] not authorized to retrieve tokens from identity provider [github].
Same "che-client" worked in the past.

[matskiv]

nvm, my problem was caused by incorrect client roles (fix).
Sorry for spam. :)