Support multiple audiences in JWT & automate publish

[felipebn]

This changes introduces the follow feature:

• proper verification of Token audiences when CF Access JWT has more than one audience

and the following project improvements:

• adding plugin packaging for preview in pull requests, publishing as Github Actions Artifacts
• adding semantic release when merging changes to master branch

Multiple audiences support

The plugin so far handled when the configuration had multiple audiences set but it was not expecting that the inbound CF Access JWT could have multiple audiences set. The change now checks that the intersection of the config and the JWT has at least one match.

The scenario this happens is when Access is configured using wildcard URLs.

Project improvements

Having the plugin packages generate as part of the PR build will allow for easy testing of the changes in a product instance. The same way automating the release creation in Github will allow to simplify the work to publish the plugin.

[felipebn]

• Same MR in my fork to run actions without approval: https://github.com/felipebn/cloudflare-access-for-atlassian/pull/2
• CI Build with preview packages for testing https://github.com/felipebn/cloudflare-access-for-atlassian/actions/runs/8815467204?pr=2