fix: use verifyPayload instead of verify to disable duplicate signature check (#2080)

Author: TimurSadykov

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.java

@@ -161,10 +161,11 @@ public final long getExpirationTimeMilliseconds() {
    * @return {@code true} if verified successfully or {@code false} if failed
    */
   public boolean verify(GoogleIdToken googleIdToken) throws GeneralSecurityException, IOException {
-    // check the payload
-    if (!super.verify(googleIdToken)) {
+    // check the payload only
+    if (!super.verifyPayload(googleIdToken)) {
       return false;
     }
+
     // verify signature, try all public keys in turn.
     for (PublicKey publicKey : publicKeys.getPublicKeys()) {
       if (googleIdToken.verifySignature(publicKey)) {