Add multiple SAN support when processing a JWT token in ciprovider

[Meeki1l]

We need to add two values as SAN when integrating with Gitlab:

1. ci_config_ref_uri
2. user_email

This is necessary so that the policy controller can create flexible ClusterImagePolicy. Mono repositories can have different projects and even different teams. We need to check both the validity of ci_config_ref_uri and the validity of user_email when delivering the image