Type: Improvement
Resolution: Unresolved
Priority: Unknown
Component/s: Authentication, Connection String, URI Options
Context
Using the golang mongo driver (and likely any other mongo driver) in a Kubernetes cluster with OIDC authentication works well, but if an `audience` is set when the federated identity provider is created, the "standard" service account token projected into the pod can't be used. A separate projected volume with that audience has to be created (see https://kubernetes.io/docs/concepts/storage/projected-volumes/#serviceaccounttoken), which means the token is no longer at the path this code assumes: https://github.com/mongodb/mongo-go-driver/blob/v2.5.0/x/mongo/driver/auth/oidc.go#L388. Providing a way to tell the driver where the OIDC token is, without requiring a developer to write boilerplate callback code, would be very useful.
The best practice with OIDC is to give the token a unique `aud` (audience) claim.
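For reference, this is the boilerplate a developer has to write today: an OIDC callback that reads the token from the path where the audience-bound projected volume mounts it. This is an added example and not code from mongo-go-driver. It compiles against the standard library only, so the driver's `options.OIDCCallback` / `options.Credential` types are named in comments rather than imported; the audience `https://example.com/mongodb`, the mount path, the function names and the constructed unsigned token are all assumptions. It goes a step beyond the ticket by checking the token's `aud` and `exp` claims before returning it, which catches the exact misconfiguration described above (pointing the driver at the default token, whose audience is the API server, instead of the projected one).

```go
// Reads a Kubernetes-projected service account token from a caller-chosen
// path, checks that it carries the expected audience and is not expired, and
// returns it in the shape an OIDC callback has to produce. Added example, not
// mongo-go-driver code. In the real driver the callback is wired through
// options.Credential{AuthMechanism: "MONGODB-OIDC", OIDCMachineCallback: ...}
// with the type options.OIDCCallback; those types are omitted so this file
// builds with only the standard library.
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
	"time"
)

// Assumed pod spec that projects an audience-bound token at a non-default path
// (the situation the ticket describes):
//
//   volumes:
//   - name: mongodb-oidc-token
//     projected:
//       sources:
//       - serviceAccountToken:
//           audience: https://example.com/mongodb   # must match the IdP config
//           expirationSeconds: 3600
//           path: token
//   containers:
//   - volumeMounts:
//     - name: mongodb-oidc-token
//       mountPath: /var/run/secrets/mongodb-oidc
//       readOnly: true

// ProjectedToken is the subset of what the driver's OIDCCredential carries.
type ProjectedToken struct {
	AccessToken string
	ExpiresAt   time.Time
}

// claims holds the JWT claims we sanity-check. aud is decoded by hand because
// RFC 7519 allows it to be either a single string or an array of strings.
type claims struct {
	Aud json.RawMessage `json:"aud"`
	Exp int64           `json:"exp"`
}

func (c claims) audiences() ([]string, error) {
	var one string
	if err := json.Unmarshal(c.Aud, &one); err == nil {
		return []string{one}, nil
	}
	var many []string
	if err := json.Unmarshal(c.Aud, &many); err != nil {
		return nil, fmt.Errorf("aud claim is neither string nor array: %s", c.Aud)
	}
	return many, nil
}

// ParseProjectedToken checks a raw token for the expected audience and expiry.
// Only the payload is decoded; signature verification is the relying party's
// job (MongoDB checks it against the IdP's keys), so none is attempted here.
func ParseProjectedToken(raw []byte, wantAud string, now time.Time) (*ProjectedToken, error) {
	tok := strings.TrimSpace(string(raw))
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, errors.New("token is not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return nil, fmt.Errorf("decode payload: %w", err)
	}
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, fmt.Errorf("parse claims: %w", err)
	}
	auds, err := c.audiences()
	if err != nil {
		return nil, err
	}
	found := false
	for _, a := range auds {
		if a == wantAud {
			found = true
		}
	}
	if !found {
		return nil, fmt.Errorf("token audience %v does not include %q", auds, wantAud)
	}
	exp := time.Unix(c.Exp, 0)
	if !exp.After(now) {
		return nil, fmt.Errorf("token expired at %s", exp.UTC())
	}
	return &ProjectedToken{AccessToken: tok, ExpiresAt: exp}, nil
}

// LoadProjectedToken is the body of the callback: the file is re-read on every
// call so kubelet's periodic rotation of the projected token is picked up.
func LoadProjectedToken(path, wantAud string) (*ProjectedToken, error) {
	raw, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("read OIDC token %q: %w", path, err)
	}
	return ParseProjectedToken(raw, wantAud, time.Now())
}

// ConstructedToken builds an unsigned JWT with the given aud and exp. It exists
// only so the example runs offline; a real token comes from kubelet.
func ConstructedToken(aud any, exp time.Time) string {
	enc := func(v any) string {
		b, _ := json.Marshal(v)
		return base64.RawURLEncoding.EncodeToString(b)
	}
	hdr := enc(map[string]string{"alg": "none", "typ": "JWT"})
	body := enc(map[string]any{"aud": aud, "exp": exp.Unix()})
	return hdr + "." + body + "."
}

func main() {
	dir, _ := os.MkdirTemp("", "oidc")
	defer os.RemoveAll(dir)
	path := dir + "/token" // stands in for /var/run/secrets/mongodb-oidc/token
	_ = os.WriteFile(path, []byte(ConstructedToken("https://example.com/mongodb", time.Now().Add(time.Hour))), 0o600)
	tok, err := LoadProjectedToken(path, "https://example.com/mongodb")
	fmt.Println(tok != nil, err)
	_, err = LoadProjectedToken(path, "https://kubernetes.default.svc")
	fmt.Println(err) // audience mismatch: the default SA token would fail the same way
}
```

In a real deployment the callback wrapper would be `func(ctx context.Context, args *options.OIDCArgs) (*options.OIDCCredential, error)` calling `LoadProjectedToken` and copying `AccessToken` and `ExpiresAt` across; everything the ticket asks the driver to absorb is the file read plus the path, and the audience check is the one line of defence worth keeping even once that lands.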
Definition of done
A way to pass the path of the token to use, without requiring an additional custom callback, when the token is not at the "standard" Kubernetes location (`/var/run/secrets/kubernetes.io/serviceaccount/token`).
Pitfalls
Users will be responsible for passing a correct path, and for making sure the token projected at that path carries the audience the identity provider was configured with; a token with the wrong `aud` will be read successfully by the driver and then rejected by the server.