Add details on claim verification for protected branches

[sidsenkumar11]

The Google documentation only suggests verifying the repository_owner claim, which is insufficient for most use cases. Adding notes from this blog post to show how to use other claims to protect cloud resources from potentially malicious untrusted code.

[google-cla[bot]]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[sethvargo]

Closing due to lack of response. Please at-mention me if you'd like to continue review.