
Add ci_config_sha JWT claim

Alishan Ladhani requested to merge ali/add-ci-config-sha-jwt-claim into master

What does this MR do and why?

Add a new claim called ci_config_sha to Ci::JwtV2. This claim will be used by Fulcio to generate certificates for keyless signing.

The ci_config_sha claim is only populated if the CI config is located in the repository. In a future iteration we will populate it for other config sources as well.

Related to #404722 (closed)

Screenshots or screen recordings

Ci::JwtV2 payload:

{
  "namespace_id": "22",
  "namespace_path": "gitlab-org",
  "project_id": "2",
  "project_path": "gitlab-org/gitlab-shell",
  "user_id": "1",
  "user_login": "root",
  "user_email": "admin@example.com",
  "pipeline_id": "13",
  "pipeline_source": "push",
  "job_id": "208",
  "ref": "memory-limit",
  "ref_type": "branch",
  "ref_path": "refs/heads/memory-limit",
  "ref_protected": "",
  "runner_id": null,
  "runner_environment": null,
  "sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
  "ci_config_ref_uri": "gitlab.localdev:3000/gitlab-org/gitlab-shell//.gitlab-ci.yml@refs/heads/memory-limit",
  "ci_config_sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
  "jti": "8547b834-c512-413f-bf1e-721beb673c69",
  "iss": "http://gitlab.localdev:3000",
  "iat": 1688590755,
  "nbf": 1688590750,
  "exp": 1688591055,
  "sub": "project_path:gitlab-org/gitlab-shell:ref_type:branch:ref:memory-limit",
  "aud": "http://gitlab.localdev:3000"
}

How to set up and validate locally

# In a Rails console, take the most recent job and inspect both token payloads
build = Ci::Build.last
Gitlab::Ci::Jwt.new(build, ttl: 1.hour).payload
# The V2 payload is the one that now carries ci_config_ref_uri and ci_config_sha
Gitlab::Ci::JwtV2.new(build, aud: 'my-aud', ttl: 1.hour).payload
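The description above says ci_config_sha is populated only when the CI config lives in the repository, and the sample payload shows it equal to the pipeline sha. The following is an added example, not code from this MR or from GitLab: an assumed issuer-side helper that models that rule, plus the kind of policy check a relying party (a keyless-signing CA, for instance) could run over the decoded claims before trusting the token. The payload is a constructed, trimmed copy of the claims shown above; the config-source symbols and the "config sha equals pipeline sha" expectation are assumptions labelled in the code.

```ruby
require 'json'

# Constructed sample: a trimmed copy of the Ci::JwtV2 claims relevant to this
# check (values mirror the MR's sample payload; this is not a real token).
SAMPLE_PAYLOAD = JSON.parse(<<~JSON)
  {
    "project_path": "gitlab-org/gitlab-shell",
    "ref": "memory-limit",
    "ref_type": "branch",
    "sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
    "ci_config_ref_uri": "gitlab.localdev:3000/gitlab-org/gitlab-shell//.gitlab-ci.yml@refs/heads/memory-limit",
    "ci_config_sha": "4e9b7dbc7e42626ca4f4676ad91f17951f97af9a",
    "iss": "http://gitlab.localdev:3000"
  }
JSON

# Issuer-side helper (assumed representation, not GitLab's own code): the MR
# states that ci_config_sha is populated only when the CI config lives in the
# repository; any other config source (symbol names assumed) yields nil.
def ci_config_sha_claim(config_source:, sha:)
  config_source == :repository_source ? sha : nil
end

# Relying-party policy check over the decoded claims, e.g. what a keyless-signing
# CA could apply before issuing a certificate. Returns [ok, reasons]; reasons is
# empty when ok is true.
def check_ci_config_claims(payload)
  reasons = []
  ref_uri = payload['ci_config_ref_uri']
  cfg_sha = payload['ci_config_sha']

  reasons << 'ci_config_ref_uri is missing' if ref_uri.to_s.empty?

  if cfg_sha.to_s.empty?
    reasons << 'ci_config_sha is not populated (config not in repository?)'
  elsif cfg_sha !~ /\A\h{40}\z/
    reasons << 'ci_config_sha is not a 40-hex-digit SHA'
  elsif payload['sha'] != cfg_sha
    # Assumption: for repository-sourced config the config SHA is the pipeline
    # SHA, as in the MR's sample; a mismatch is surfaced rather than ignored.
    reasons << 'ci_config_sha differs from pipeline sha'
  end

  [reasons.empty?, reasons]
end

if __FILE__ == $PROGRAM_NAME
  ok, reasons = check_ci_config_claims(SAMPLE_PAYLOAD)
  puts(ok ? 'claims acceptable' : "rejected: #{reasons.join('; ')}")
end
```

Run it as a script to see the sample payload accepted; drop the ci_config_sha key or change it to a different SHA to see the reasons a verifier would log. The check deliberately treats an empty ci_config_sha as a policy failure rather than an error, since the MR says the claim is legitimately absent for non-repository config sources until a later iteration.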

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alishan Ladhani
