1. A new `job_source` claim will be added to our [id_token claims](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). The value will be the same as requirement 1 listed above. 2. For jobs that are run by a security policy project, a new `job_policy_ref_uri` claim will be added to our [id_token claims](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). 1. The value will be null for jobs that do not come from a scan execution policy. 2. The value will point to the scan execution policy file for jobs that do come from a scan execution policy. 3. The format will be `gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main`. 3. For jobs that are run by a security policy project, a new `job_policy_ref_sha` claim will be added to our [id_token claims](https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html). 1. The value will be null for jobs that do not come from a scan execution policy. 2. The value will be the git commit SHA for the `job_policy_ref_uri` for jobs that do come from a scan execution policy.