Allow Keycloak's aud to accept the default value "account" in addition to ClientID. #21965

Open
kingbj940429 opened this issue Feb 24, 2025 · 1 comment
Labels
enhancement New feature or request

Comments

kingbj940429 commented Feb 24, 2025

Summary

Keycloak currently only supports the ClientID as the audience.

However, the default audience for a Keycloak user is account.

It would be ideal if the audience could be received through a ConfigMap or something similar.

Motivation

As you can see, Keycloak's default audience is account.

[Screenshot: decoded Keycloak token with aud: account]

However, argocd-server only allows the ClientID, as shown below:
argo-cd/util/settings/settings.go

func (a *ArgoCDSettings) OAuth2AllowedAudiences() []string {
	if config := a.oidcConfig(); config != nil {
		if len(config.AllowedAudiences) == 0 {
			allowedAudiences := []string{config.ClientID}
			if config.CLIClientID != "" {
				allowedAudiences = append(allowedAudiences, config.CLIClientID)
			}
			return allowedAudiences
		}
		return config.AllowedAudiences
	}
	if a.DexConfig != "" {
		return []string{common.ArgoCDClientAppID, common.ArgoCDCLIClientAppID}
	}
	return nil
}

If a token has the default aud such as account, this triggers a failed to verify token error.

Proposal

We need to allow "account" as a default audience by either:

  • Using a ConfigMap or environment variables to dynamically retrieve the default audience.
  • If using Keycloak, implementing an if statement to explicitly allow "aud: account".
@kingbj940429 kingbj940429 added the enhancement New feature or request label Feb 24, 2025
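The settings.go function quoted in the issue already returns an explicit allowedAudiences list when one is configured and only falls back to the ClientID (plus CLIClientID) when it is empty. The following Go program is an added example, not Argo CD's or Keycloak's own code: it reproduces that defaulting logic, decodes the aud claim of a constructed JWT the way a relying party would see it (handling both the string and the array form RFC 7519 allows), and shows the token with Keycloak's default aud: account being rejected under the default configuration and accepted once account is listed. OIDCConfig, allowedAudiences, audienceOf, verifyAudience and makeUnsignedToken are hypothetical names chosen here; signature verification is intentionally left out so the audience check stands alone.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// OIDCConfig holds the oidc.config fields that matter for the audience check.
// Hypothetical struct for this example, not Argo CD's own type.
type OIDCConfig struct {
	ClientID         string
	CLIClientID      string
	AllowedAudiences []string
}

// allowedAudiences mirrors the defaulting logic quoted from settings.go: with no
// explicit list, only the ClientID (and CLIClientID, if set) are accepted.
func allowedAudiences(c OIDCConfig) []string {
	if len(c.AllowedAudiences) == 0 {
		aud := []string{c.ClientID}
		if c.CLIClientID != "" {
			aud = append(aud, c.CLIClientID)
		}
		return aud
	}
	return c.AllowedAudiences
}

// audienceOf extracts the aud claim from a JWT payload without verifying the
// signature. RFC 7519 allows aud to be a single string or an array of strings,
// so both shapes are accepted.
func audienceOf(token string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT: expected three segments")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decode payload: %w", err)
	}
	var claims struct {
		Aud json.RawMessage `json:"aud"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("parse claims: %w", err)
	}
	if len(claims.Aud) == 0 {
		return nil, errors.New("token has no aud claim")
	}
	var single string
	if err := json.Unmarshal(claims.Aud, &single); err == nil {
		return []string{single}, nil
	}
	var many []string
	if err := json.Unmarshal(claims.Aud, &many); err != nil {
		return nil, fmt.Errorf("aud is neither a string nor an array: %w", err)
	}
	return many, nil
}

// verifyAudience accepts the token if at least one aud value is in the allowed list.
func verifyAudience(token string, allowed []string) error {
	auds, err := audienceOf(token)
	if err != nil {
		return err
	}
	for _, a := range auds {
		for _, ok := range allowed {
			if a == ok {
				return nil
			}
		}
	}
	return fmt.Errorf("failed to verify token: aud %v not in allowed audiences %v", auds, allowed)
}

// makeUnsignedToken builds a JWT with the given claims and an empty signature
// segment. Constructed sample input only; never accept such a token for real.
func makeUnsignedToken(claims map[string]any) string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`))
	body, _ := json.Marshal(claims)
	return header + "." + base64.RawURLEncoding.EncodeToString(body) + "."
}

func main() {
	// Constructed: the shape of a default Keycloak token, whose aud is "account".
	keycloakToken := makeUnsignedToken(map[string]any{
		"iss": "https://keycloak.example/realms/demo", "aud": "account", "sub": "alice",
	})

	defaults := OIDCConfig{ClientID: "argocd"}
	fmt.Println(verifyAudience(keycloakToken, allowedAudiences(defaults))) // rejected

	withAccount := OIDCConfig{ClientID: "argocd", AllowedAudiences: []string{"argocd", "account"}}
	fmt.Println(verifyAudience(keycloakToken, allowedAudiences(withAccount))) // accepted
}
```

Adding "account" to the allowed list makes the check pass, but every token Keycloak issues in that realm carries aud account by default, so the audience check then no longer distinguishes a token minted for Argo CD from one minted for any other client in the same realm. Configuring a Keycloak audience mapper that adds the Argo CD client ID to the token keeps the audience binding tight and works with the default branch of the quoted function unchanged.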

Can I work on this?
