Allow a Harness Service Account to be authenticated by a JWT signed by an external issuer (e.g. Keycloak, SPIRE, a Kubernetes cluster's projected-token issuer) for Harness Code Git operations. Harness would validate the JWT against a configured external JWKS and claim mapping, and authorize the Git request as the bound Service Account.

similiar to this API: