test-infra
Set attribute condition for github.tools.sap wif provider
The GitHub OIDC provider is a shared provider which issues tokens for all repositories hosted on the instance. Such tokens are valid from the perspective of the federated infrastructure, and the identities represented by these tokens can be granted access to GCP resources. If permissions are granted by mistake, there is no configuration which would prevent an unauthorised workload from accessing those resources.
The workload identity federation provider has a property attribute_condition whose value is a CEL expression string. The expression is evaluated against each presented token to decide whether the token should be accepted. This allows conditional control over which tokens are allowed to access resources.
Recently we set an attribute condition for the github.com provider, limiting accepted tokens to those issued for repositories owned by the kyma-project organisation.
IaC config setting attribute_condition for the provider: https://github.com/kyma-project/test-infra/blob/116249d179742f3748eee002fd53beff47fd7f49/configs/terraform/environments/prod/gcp-workfload-identity-federation.tf#L13
Default value of the attribute_condition CEL expression: https://github.com/kyma-project/test-infra/blob/116249d179742f3748eee002fd53beff47fd7f49/configs/terraform/environments/prod/gcp-workfload-identity-federation-variables.tf#L33
The same configuration should be added for github.tools.sap provider.
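The following Terraform fragment is an added illustration of the change requested above; it is not the project's own configuration from the linked files. It places a provider with no attribute_condition (the weak state described in the issue, where every token from the shared instance is accepted) beside a provider that restricts accepted tokens to one repository owner. The pool id, provider ids, issuer URI and the organisation name are assumed placeholders.

```terraform
# Added example, not the project's own configuration. Pool id, provider ids,
# issuer URI and organisation name are assumed placeholders.

# WEAK: no attribute_condition. Every token issued by the shared GitHub
# instance is accepted by the provider; only the IAM bindings then stand
# between any repository on that instance and the GCP resources.
resource "google_iam_workload_identity_pool_provider" "github_tools_sap_open" {
  workload_identity_pool_id          = "example-pool"          # assumed
  workload_identity_pool_provider_id = "github-tools-sap-open" # assumed
  display_name                       = "github.tools.sap (no condition)"

  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  oidc {
    # Issuer URI is assumed; confirm it against the instance's
    # /.well-known/openid-configuration before relying on it.
    issuer_uri = "https://github.tools.sap/_services/token"
  }
}

# HARDENED: attribute_condition restricts accepted tokens to repositories
# owned by a single organisation. Tokens issued for any other repository on
# the same shared instance are rejected by the provider before IAM is consulted.
variable "allowed_repository_owner" {
  type    = string
  default = "kyma-project" # assumed; set to the organisation owning the repos
}

resource "google_iam_workload_identity_pool_provider" "github_tools_sap" {
  workload_identity_pool_id          = "example-pool"     # assumed
  workload_identity_pool_provider_id = "github-tools-sap" # assumed
  display_name                       = "github.tools.sap"

  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  # CEL expression evaluated against the mapped attributes of every token.
  # A token whose repository_owner claim differs from the allowed owner is
  # rejected even if an IAM binding would otherwise grant it access.
  attribute_condition = "attribute.repository_owner == \"${var.allowed_repository_owner}\""

  oidc {
    issuer_uri = "https://github.tools.sap/_services/token" # assumed
  }
}
```

The condition references attribute.repository_owner, so the attribute_mapping must map that claim from assertion.repository_owner; a condition that names an unmapped attribute fails to evaluate rather than silently passing. After applying, the effective condition can be reviewed with gcloud iam workload-identity-pools providers describe, which reports the attributeCondition field for the provider.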