Reword an obsolete comment in AttachApplicationClaims

src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs

@@ -963,9 +963,8 @@ namespace OpenIddict.Server
                         return;
                     }
 
-                    // Only the specified audience (i.e the resource server for an access token
+                    // Only specified audiences (that were explicitly defined as allowed resources) can access
-                    // and the client application for an identity token) can access the sensitive
+                    // the sensitive application-specific claims contained in the introspected access token.
-                    // application-specific claims contained in the introspected access/identity token.
                     if (!context.Principal.HasAudience(context.Request.ClientId))
                     {
                         context.Logger.LogInformation(SR.GetResourceString(SR.ID6105), context.Request.ClientId);