[update] remove rule MUST NOT validate audience of the JSON Web Token

[BirgitBader]

(i) This issue has been manually transferred from a former internal repository, as a private repository issue cannot be transferred to a public repository.

Context

The rule describes how the "aud" claim is used within api.otto.de. The usage and validation of the "aud" claim can make sense for other OAuth2 processes.

Instead of having a rule, we should improve api.otto.de's documentation of the OAuth2 server, as this rule is tightly bound to how api.otto.de's OAuth2 server works.

[BirgitBader]

Relates to https://github.com/otto-ec/ottoapi_portal/issues/1950