In https://gitlab.com/gitlab-org/gitlab/-/issues/404722+, we added `ci_config_ref_uri` and `ci_config_sha` claims to the ID token in order to support [keyless signing with Sigstore](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html). The first iteration only populates these two claims when the CI config is located within the project. In order to expand support for keyless signing, we should populate `ci_config_ref_uri` and `ci_config_sha` when the CI config is located outside of the project (e.g. AutoDevOps, CI config in another repo, CI config coming from arbitrary URL, bridge pipelines, compliance pipelines). <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION --> *This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.* <!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->