Add customer identifier to JsonWebToken
Background
https://docs.gitlab.com/ee/architecture/blueprints/observability_for_self_managed/ outlines an approach for self-managed instances to store and retrieve observability data in a GitLab-hosted data store via cloud connector.
Problem
The JWT payload has no customer identifier; therefore, validators cannot securely enforce scoped read/write access to only the customer's data. The instance JWT (IJWT) is the only thing attached to a request from a self-managed instance that cannot be manipulated.
Proposal
Add a customer identifier to the JWT payload that could be used by the GitLab Observability Backend (GOB) to store and retrieve the customer's data. The ideal identifier would also enable future correlation between data usage reported by GOB to customers-dot for usage-based billing. The chosen identifier used for such correlation must also be available and added to the JWT created in GitLab.com: https://gitlab.com/gitlab-org/gitlab/-/blob/8d543f54125910e8d1e2b7811efc2a07f62a0dad/ee/lib/gitlab/ai/access_token.rb#L36
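The following is an added sketch, not code from GitLab or from the linked file, showing how a validator such as GOB could scope access once the signed payload carries a customer identifier. The claim name `customer_id`, the RS256 choice, the helper names and all sample values are assumptions.

```ruby
require 'json'
require 'openssl'

# Assumption: the claim name is hypothetical; the page does not name one.
CUSTOMER_CLAIM = 'customer_id'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  (text.tr('-_', '+/') + '=' * (-text.length % 4)).unpack1('m')
end

# Issuer side: sign the payload (including the customer claim) as an RS256 JWT.
def issue_token(private_key, payload)
  input = [{ alg: 'RS256', typ: 'JWT' }, payload].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url(private_key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Validator side: return the customer the request may act on, or nil to reject.
# requested_customer comes from the request itself and is therefore untrusted.
def authorized_customer(token, public_key, requested_customer, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header = JSON.parse(b64url_decode(parts[0]))
  return nil unless header.is_a?(Hash) && header['alg'] == 'RS256' # pin the algorithm
  signed = public_key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(parts[2]), parts[0, 2].join('.'))
  return nil unless signed
  claims = JSON.parse(b64url_decode(parts[1])) # parsed only after the signature checks out
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now
  customer = claims[CUSTOMER_CLAIM]
  # A token without the claim cannot be scoped, so it is rejected rather than defaulted.
  return nil unless customer.is_a?(String) && !customer.empty?
  customer == requested_customer.to_s ? customer : nil
rescue JSON::ParserError, TypeError, OpenSSL::PKey::PKeyError
  nil
end

# Constructed sample data: a throwaway key and a token for a made-up customer.
KEY = OpenSSL::PKey::RSA.new(2048)
TOKEN = issue_token(KEY, { CUSTOMER_CLAIM => 'cust-1001', 'exp' => Time.now.to_i + 300 })
p authorized_customer(TOKEN, KEY.public_key, 'cust-1001') # own data: allowed
p authorized_customer(TOKEN, KEY.public_key, 'cust-2002') # another customer's data: rejected
```

The tenant a request names is only honoured when it equals the signed claim, so changing the request cannot widen access, and editing the payload invalidates the signature.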