Add new job_source claim
See parent epic for more details: Store a `source` value for Jobs (&11796)
Problem to solve
Implement new token claims per points 4-6 in epic above:
- `job_source`: added to all jobs. Has value "scan_execution_policy" for SEP-initiated jobs; for other jobs, fall back to pipeline source value.
- `job_policy_ref_uri`: added to jobs from security policy projects.
  - The value will be null for jobs that do not come from a scan execution policy.
  - The value will point to the scan execution policy file for jobs that do come from a scan execution policy.
  - The format will be `gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main`.
- `job_policy_ref_sha`: added to jobs from security policy projects.
  - The value will be null for jobs that do not come from a scan execution policy.
  - The value will be the git commit SHA for the `job_policy_ref_uri` for jobs that do come from a scan execution policy.
Intended users
Proposal
A new `job_source` claim will be added to our id_token claims. The value will be the same as requirement 1 listed above.
Edited by Aaron Huntsman
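The following is an added example, not code from this issue or from GitLab: a relying-party check that the three proposed claims are mutually consistent, using the claim names and URI format as written above. It assumes the ID token's signature, issuer and audience were already verified; the function name, the allowlist of policy projects and the sample claim values (including the `push` source and the SHA) are constructed for illustration.

```python
import re

# URI layout from the issue: <host>/<project path>//<policy file>@<git ref>
URI_RE = re.compile(r"^(?P<host>[^/]+)/(?P<project>.+?)//(?P<file>[^@]+)@(?P<ref>.+)$")
SHA_RE = re.compile(r"^(?:[0-9a-f]{40}|[0-9a-f]{64})$")  # SHA-1 or SHA-256 commit id
SEP_SOURCE = "scan_execution_policy"


def check_job_claims(claims, trusted_policy_projects):
    """Return a list of problems; an empty list means the claims are consistent.

    `claims` must come from an ID token that was already verified.
    `trusted_policy_projects` is a hypothetical allowlist of
    "<host>/<project path>" strings kept by the relying party.
    """
    source = claims.get("job_source")
    uri = claims.get("job_policy_ref_uri")
    sha = claims.get("job_policy_ref_sha")
    if not source:
        return ["job_source missing"]  # the issue adds it to all jobs
    if source != SEP_SOURCE:
        # Jobs that do not come from a scan execution policy carry null values.
        if uri is not None or sha is not None:
            return ["policy ref claims present on a non-policy job"]
        return []
    problems = []
    match = URI_RE.match(uri) if isinstance(uri, str) else None
    if match is None:
        problems.append("job_policy_ref_uri missing or malformed")
    elif f"{match['host']}/{match['project']}" not in trusted_policy_projects:
        problems.append("policy project is not on the allowlist")
    if not (isinstance(sha, str) and SHA_RE.match(sha)):
        problems.append("job_policy_ref_sha missing or not a commit SHA")
    return problems


# Constructed sample claims (not taken from a real token).
TRUSTED = {"gitlab.example.com/my-group/my-project"}
SEP_JOB = {
    "job_source": SEP_SOURCE,
    "job_policy_ref_uri": "gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main",
    "job_policy_ref_sha": "0123456789abcdef0123456789abcdef01234567",
}
PUSH_JOB = {"job_source": "push", "job_policy_ref_uri": None, "job_policy_ref_sha": None}
INCONSISTENT = dict(PUSH_JOB, job_policy_ref_uri=SEP_JOB["job_policy_ref_uri"])

if __name__ == "__main__":
    for name, c in [("sep", SEP_JOB), ("push", PUSH_JOB), ("inconsistent", INCONSISTENT)]:
        print(name, check_job_claims(c, TRUSTED) or "ok")
```

Pinning decisions to `job_policy_ref_sha` as well as the URI ties the trust decision to one commit of the policy file rather than to a branch that can move.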