Support id_tokens for remote flows and external agents

Erran Careyrequested to merge
591140-add-id-tokens-for-flows into master

What does this MR do and why?

Adds support for id_tokens configuration in Duo Agent Platform flows and remote (third-party) flow triggers, enabling OIDC authentication with external services during flow execution.

Users can now declare id_tokens in their agent-config.yml (for Duo Workflows) or in a catalog flow definition (for remote/third-party flows). Each token specifies an aud (audience) claim, and GitLab CI/CD generates a signed JWT that is injected into the job environment as a variable.

Testing

Refer to the latest test steps at !224940 (comment 3450293479).

References

Related to #591140

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Erran Carey

Merge request reports