[Rails] Review JWT audience (aud) claim configuration for cross-cell security
Description
During code review, a potential security concern was identified regarding the JWT audience (aud) claim configuration in our OpenBao integration.
Discussion link: !188817 (comment 2553640157)
Current State
In ee/lib/secrets_management/secrets_manager_jwt.rb, the JWT audience is currently set to:
aud: "openbao"
Security Concern
With the implementation of #540874 (closed) and &17846, we will have multiple OpenBao instances deployed across different cells, all sharing the same JWT issuing key material. Because every instance is bound to the same generic "openbao" audience, a JWT issued for one cell could also be accepted by the OpenBao instance in another cell, which presents a security risk.
Proposed Solution
Consider updating the audience claim to each cell's external URL so that an OpenBao instance only accepts tokens issued for that cell, giving strict cell isolation. A JWT issued for one cell would then be rejected by OpenBao instances in other cells, even though they share the same signing key.
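To make the concern concrete, here is an added illustration (not code from the GitLab codebase or from OpenBao) of why the audience claim is what separates the cells when the signing key is shared. It is a minimal RS256 JWT issuer and verifier built on Ruby's OpenSSL stdlib; the cell URLs, the `sub` value and the `CellScopedJwt` name are constructed placeholders, and the verifier stands in for the bound-audience check an OpenBao JWT auth backend performs.

```ruby
require "openssl"
require "json"
require "base64"

# Hypothetical helper, not the project's SecretsManagerJwt class: a minimal
# RS256 JWT issuer/verifier used to show why the audience must be cell-specific.
module CellScopedJwt
  ALG = "RS256"

  # Base64url without padding, as JWS (RFC 7515) requires.
  def self.b64url(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def self.b64url_decode(str)
    Base64.urlsafe_decode64(str)
  end

  # Mint a token for the given audience. Every cell signs with the same
  # `private_key`, mirroring the shared issuing key material in the issue.
  def self.issue(private_key, aud:, sub:, now: Time.now.to_i, ttl: 300)
    header  = { alg: ALG, typ: "JWT" }
    payload = { iss: "gitlab", sub: sub, aud: aud, iat: now, exp: now + ttl }
    signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
    signature = private_key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
    "#{signing_input}.#{b64url(signature)}"
  end

  # Stand-in for a cell's OpenBao JWT auth backend with a bound audience:
  # check the signature, the expiry, and that `expected_aud` is among the
  # token's audiences. Returns the payload, or nil when the token is rejected.
  def self.verify(token, public_key, expected_aud:, now: Time.now.to_i)
    h, p, s = token.split(".")
    return nil unless h && p && s

    header = JSON.parse(b64url_decode(h))
    return nil unless header["alg"] == ALG # refuses alg=none and key-confusion variants

    digest = OpenSSL::Digest.new("SHA256")
    return nil unless public_key.verify(digest, b64url_decode(s), "#{h}.#{p}")

    payload = JSON.parse(b64url_decode(p))
    return nil if payload["exp"].to_i <= now
    # RFC 7519 allows aud to be a string or an array of strings.
    return nil unless Array(payload["aud"]).include?(expected_aud)

    payload
  rescue JSON::ParserError, ArgumentError
    nil
  end
end

# One key pair shared by two cells (placeholder URLs constructed for this
# example). With the generic audience a cell A token passes at cell B; with
# a cell-scoped audience cell B rejects it.
def cross_cell_demo
  key = OpenSSL::PKey::RSA.new(2048)
  pub = key.public_key
  cell_a = "https://cell-a.gitlab.example"
  cell_b = "https://cell-b.gitlab.example"

  generic = CellScopedJwt.issue(key, aud: "openbao", sub: "project_path:group/app")
  scoped  = CellScopedJwt.issue(key, aud: cell_a,    sub: "project_path:group/app")

  {
    # both cells bound to "openbao": nothing distinguishes them
    generic_accepted_by_cell_b: !CellScopedJwt.verify(generic, pub, expected_aud: "openbao").nil?,
    # cell A bound to its own URL accepts its own token ...
    scoped_accepted_by_cell_a:  !CellScopedJwt.verify(scoped, pub, expected_aud: cell_a).nil?,
    # ... and cell B, bound to a different URL, rejects it
    scoped_accepted_by_cell_b:  !CellScopedJwt.verify(scoped, pub, expected_aud: cell_b).nil?
  }
end

puts cross_cell_demo if __FILE__ == $PROGRAM_NAME
```

The point the demo makes is that the signature check alone cannot isolate cells once the key is shared; only the audience binding on each OpenBao instance does, so the value in the `aud` claim and the bound audience configured on each instance have to be unique per cell.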
Video link: https://www.youtube.com/watch?v=gwOem9lfdVw&list=PL05JrBw4t0Kp3XzdJtZ2iOlu7_M3mSmmj&index=3&t=2s