Make all oidc-token-verifier parameters configurable

[dekiel]

Description

oidc-token-verifier checks the value of job_workflow_ref claim against an expected trusted workflow value. The expected workflow value is hardcoded along with trusted issuer data. These configuration data should be provided as flags or configuration file. The same approach must be applied for supported signing algorithms.

The configuration must allow providing multiple values.

Reasons

Hardcoding configuration values together with code is an anti pattern. It's not flexible and doesn't allow to use a tool for multiple use cases without code change.

Acceptance Criteria

• [ ] The configuration data can be provided as a config file.
• [ ] The configuration data can be provided as flag when reasonable.
• [ ] Token verifier usage in oci-image-builder is updated to use a new way.

[dekiel]

We should consider creating a separate issue for updating the usage in oci-image-builder for better estimation.