feat: Add dynamic block to support job_workflow_ref

[benchunghpe]

Description

This PR adds a dynamic block and optional variable to support specifying a set of allowed job_workflow_ref to allow fine-grained access to a github OIDC role.

Motivation and Context

Currently, the github OIDC role module doesn't support passing job_workflow_ref to explicitly allow a limited set of workflows to assume an AWS IAM role through OIDC. The potential impact of this is that using this module, someone would be able to fork one of our github workflows, change the business logic and still have no issues assuming the IAM role.

At HPE, we have a local version of this module which allows us to say "only allow a workflow to assume this IAM role if it's coming from the main branch of our organisation-wide reusable-workflows", which isn't possible in the main branch of this module due to the lack of support.

Breaking Changes

n/a, this adds a new optional variable so should extend the current functionality for those who require this feature

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• This is running in production at HPE
• I have executed pre-commit run -a on my pull request

[benchunghpe]

This should be ready for review when someone's available.

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

[github-actions]

This PR was automatically closed because of stale in 10 days

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.