Customizable Audience Claim in OIDC Pipeline JWTs

We'd like to use CoSign to sign our docker image builds. CoSign supports Keyless Signing with Fulcio through OIDC identities (Documentation). However it is required that the `aud` claim is set to "sigstore". Currently it's not possible to configure any of the claims in the JWT which is a blocker. 

GitLab and GitHub already support configurable audience claims in their tokens, see:

- https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#id-tokens

- https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#understanding-the-oidc-token

I hope Bitbucket will put configurable JWT claims on their roadmap.