Update Jobs using `CI_JOB_JWT_V2` to use `id_tokens`
Gitlab 16.0 will deprecate the use of `CI_JOB_JWT_V2` as a global environment variable in favor of the job-scoped `id_tokens` keyword. This change means that JWTs will only be injected into the environment for the jobs that use them, and also allows us to specify an `aud` claim, which has the advantage of letting us provide scoped application permissions depending on what the job requires (although we will need to update our OPA policy to leverage it).
Plan
Currently, the three stages actually using `CI_JOB_JWT_V2` are `twistlock-scan` and `anchore-scan`. The job definitions for these will need to be updated accordingly:
```yaml
# anchore-scan
id_tokens:
  ANCHORE_TOKEN:
    aud: https://repo1.dso.mil

# twistlock-scan
id_tokens:
  TWISTLOCK_TOKEN:
    aud: https://repo1.dso.mil
```
Additionally, any references to the old `CI_JOB_JWT_V2` environment variable should be replaced with `ANCHORE_TOKEN` or `TWISTLOCK_TOKEN` as appropriate. Note that this will maintain the current functionality of our OPA policy. We may add additional `aud` claims (they can be a list) to improve our scoping of application permissions per job (looking at you, Harbor).
Also, it may be a good idea to use the built-in `CI_SERVER_URL` variable provided by Gitlab for the `aud` value, to avoid breaking staging or adding a new CI variable.