when using using the service account jwt directly, the default audience is the api servers url
- create rpmbuilder role - enable access to gitea/github ro-tokens - enable access to rpmbuilder role from woodpeckerci