fix: 'Incorrect token audience' error for GH OIDC

This is an update to the construct that creates IAM resources for GitHub
Actions, first introduced with #823
in early October 2021.

Apparently the `ClientIdList` field should no longer be `sigstore`, as
of 19th October 2021:

aws-actions/configure-aws-credentials#291
aws-actions/configure-aws-credentials#280 (comment)
aws-actions/configure-aws-credentials#284

The new value is `sts.amazonaws.com`, which I think corresponds to this
line in the docs:

> For the "Audience": Use sts.amazonaws.com if you are using the official action.
https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#adding-the-identity-provider-to-aws

With the old value of `sigstore` in the `AWS::IAM::OIDCProvider` `ClientIdList` field,
running the `aws-actions/configure-aws-credentials` GitHub Action will give you
a "Error: Incorrect token audience" error:

https://github.com/guardian/facia-scala-client/runs/7025740057?check_suite_focus=true#step:3:6

src/constructs/iam/roles/__snapshots__/github-actions.test.ts.snap

@@ -37,7 +37,7 @@ Object {
     "GithubActionsOidc": Object {
       "Properties": Object {
         "ClientIdList": Array [
-          "sigstore",
+          "sts.amazonaws.com",
         ],
         "ThumbprintList": Array [
           "6938fd4d98bab03faadb97b34396831e3780aea1",

src/constructs/iam/roles/github-actions.ts

@@ -63,7 +63,7 @@ class GitHubOidcProvider extends CfnResource {
       type: "AWS::IAM::OIDCProvider",
       properties: {
         Url: `https://${GITHUB_ACTIONS_ID_TOKEN_REQUEST_DOMAIN}`,
-        ClientIdList: ["sigstore"],
+        ClientIdList: ["sts.amazonaws.com"],
         ThumbprintList: [GITHUB_ACTIONS_ID_TOKEN_REQUEST_DOMAIN_THUMBPRINT],
       },
     });