
docs: add note on Vault 1.21 audience requirement for roles (#5411)

* docs(vault): add audience requirement for roles in 1.21+

Signed-off-by: AddRain1 <adriankvo22@gmail.com>

* docs(vault): update code block to use yaml syntax highlighting

Signed-off-by: AddRain1 <adriankvo22@gmail.com>

* docs(vault): update code spacing

Signed-off-by: AddRain1 <adriankvo22@gmail.com>

---------

Signed-off-by: AddRain1 <adriankvo22@gmail.com>
Adrian Vo 6 months ago
parent
commit
7329e8ce39
1 changed file with 17 additions and 0 deletions

docs/provider/hashicorp-vault.md (+17 -0)

@@ -317,6 +317,23 @@ Vault validates the service account token by using the TokenReview API. ⚠️ Y
 ```
 **NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `serviceAccountRef` or in `secretRef`, if used.
 
+**NOTE:** Starting with Vault 1.20, roles without an audience will trigger warnings during authentication.
+In Vault 1.21 and later, roles must include an audience or authentication will fail.
+
+Update your role definitions to include an audience, for example:
+```yaml
+auth:
+  kubernetes:
+    mountPath: kubernetes/my-cluster
+    role: my-role
+    serviceAccountRef:
+      name: my-service-account
+      audiences:
+        - vault # Required for Vault 1.21+
+```
+
+
+
 #### LDAP authentication
 
 [LDAP authentication](https://www.vaultproject.io/docs/auth/ldap) uses
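Review bot: the added lead-in "Update your role definitions to include an audience, for example:" does not match the YAML under it, which is a SecretStore `auth.kubernetes` fragment and therefore changes only the audience ESO requests in the projected service account token, not the Vault role. A reader who applies just this snippet will still fail on 1.21 if the Kubernetes auth role in Vault has no audience configured. Suggest rewording the lead-in so that both halves are stated, e.g. "Configure an audience on the Vault role and request the same audience in the store, for example:", and make explicit that `serviceAccountRef.audiences` must list the value the role expects. The inline comment on `- vault # Required for Vault 1.21+` also reads as if the literal value `vault` were mandated; it is a matching audience that is required, so something like `# must match the audience configured on the Vault role` is more accurate. Minor: the hunk adds three blank lines before `#### LDAP authentication` where the rest of the file uses one.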