Validating Transport Certificate in Private Key JWT authentication #1276
shashanksapre started this conversation in Ideas
We have come across a use case where, if a client that has been registered to use private_key_jwt as the token authentication method is also sending a client certificate in mTLS, we need to validate whether the mTLS certificate belongs to the same client (or organisation) whose jwks_uri is being used to verify the client_assertion. The client's JWKS endpoint response contains both signing and transport keys (Open Banking UK). We didn't see any placeholder to validate this.
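One way to perform the binding check described in this post, as an added example that is not part of the original post or of the project's own code. It assumes the JWKS has already been fetched from the client's registered jwks_uri, that transport keys are marked with `"use": "tls"` and carry `x5c` or `x5t#S256`, and that the TLS layer has already validated the certificate chain; the function names are hypothetical and the certificates are constructed byte strings standing in for DER.

```python
import base64
import hashlib


def cert_thumbprint(cert_der: bytes) -> str:
    """x5t#S256 per RFC 7517: base64url(SHA-256(DER certificate)), unpadded."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def transport_cert_in_jwks(cert_der: bytes, jwks: dict, transport_use: str = "tls"):
    """Return the kid of the transport key matching the presented mTLS
    certificate, or None if the client's JWKS does not vouch for it."""
    presented = cert_thumbprint(cert_der)
    for jwk in jwks.get("keys", []):
        if jwk.get("use") != transport_use:
            continue  # a signing key must not vouch for a transport certificate
        candidates = []
        if "x5t#S256" in jwk:
            candidates.append(jwk["x5t#S256"])
        for entry in jwk.get("x5c", [])[:1]:  # x5c[0] is the leaf certificate
            try:
                leaf_der = base64.b64decode(entry, validate=True)
            except (ValueError, TypeError):
                continue  # malformed x5c entry: ignore, never treat as a match
            candidates.append(cert_thumbprint(leaf_der))
        if presented in candidates:
            return jwk.get("kid")
    return None


# Constructed sample data (not real certificates).
CLIENT_TLS_CERT = b"constructed-DER-bytes-client-transport"
CLIENT_SIG_CERT = b"constructed-DER-bytes-client-signing"
OTHER_TLS_CERT = b"constructed-DER-bytes-other-client-transport"

CLIENT_JWKS = {"keys": [
    {"kid": "sig-1", "use": "sig", "kty": "RSA",
     "x5t#S256": cert_thumbprint(CLIENT_SIG_CERT)},
    {"kid": "tls-1", "use": "tls", "kty": "RSA",
     "x5c": [base64.b64encode(CLIENT_TLS_CERT).decode("ascii")]},
]}

if __name__ == "__main__":
    print(transport_cert_in_jwks(CLIENT_TLS_CERT, CLIENT_JWKS))  # matching transport key
    print(transport_cert_in_jwks(OTHER_TLS_CERT, CLIENT_JWKS))   # another client's certificate
```

The check belongs after the client_assertion signature has been verified against the same JWKS, so that both the assertion and the transport certificate are tied to one client registration.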