Validate token and issuer/audience match in each path

[hugomrdias]

token and issuer/audience are being validated together in each level of the chain, but the proofs chain can be a tree and we must allow for valid and invalid to be present as long as we can find a complete valid path for a claim.

example: two proofs for the same capability one expired and one not expired would fail validation currently and it shouldn't. Same thing if issuer/audience dont mach for one proof but that ucan has another proof that match and is valid.