Add regex as an optional value for the bound_claims_type #262

Open
refucktor opened this issue Nov 17, 2023 · 0 comments

Comments


refucktor commented Nov 17, 2023

I already spent some time reading through the issue history to make sure I understand the different points of view on this topic, and I found this comment:

Hi. Thanks for the contribution. We have generally avoided regexes in Vault, especially in the areas dealing with authentication or authorization. The main reason is that regexes are notoriously easy to get wrong, which in this case could result in unauthorized access.

While I am 100% with this assessment, I also think that people using this plugin must assume responsibility for configuring it.
It's a personal opinion, but in my experience regexes are easy to get wrong, but they are also less likely to match and give unauthorized access than globs. Here is a very common use case:

  • imagine we are trying to create a role that should only be authorized if it comes from a protected tag (a mechanism very often used to create software releases)
  • we will have 2 types of releases, a release candidate and a stable release; following the semantic release approach we will end up with v1.2.0-rc.2 and later v1.2.0
  • using globs there is no chance to differentiate the roles, because if we use something like v* then we are allowing both releases

Solution:

  • add the option to use regex in the bound_claims_type
  • then use a regex to have better control over the bound_claims:
...
# dev|rc|beta release
bound_claims_type = "regex"
bound_claims = {
  ref            = "^(?:v){0,1}(\d+\.){2}\d+\-(alpha|beta|dev|rc)\.\d+$"
  ref_type       = "tag"
  ref_protected  = "true"
}
...
# stable release
bound_claims_type = "regex"
bound_claims = {
  ref            = "^(?:v){0,1}(\d+\.){2}\d+$"
  ref_type       = "tag"
  ref_protected  = "true"
}

what do you think?
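The following is an added example, not code from the issue author or from the plugin itself. It models the three matching modes discussed above ("string", "glob", and the proposed "regex") over constructed JWT claims, and runs the two regexes from the proposal next to the `v*` glob against a set of tag names. The `*`-only glob matcher and the `claimsMatch` helper are assumptions written for this illustration and are not the plugin's real implementation. Besides showing that the glob admits both `v1.2.0` and `v1.2.0-rc.2` while the anchored regexes separate them, it also demonstrates the failure mode the maintainer's comment is worried about: Go's `MatchString` is unanchored, so dropping `^...$` from the stable-release pattern lets `v1.2.0-rc.2` through, and in regex mode the other bound claims (`ref_type = "tag"`) become regexes too, so `"tag"` also matches a value such as `"untagged"` unless it is anchored.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Bound-claim matching modes. "string" and "glob" exist in the plugin today;
// "regex" is the mode proposed in this issue (hypothetical in this example).
const (
	ModeString = "string"
	ModeGlob   = "glob"
	ModeRegex  = "regex"
)

// globMatch is a deliberately simple '*'-only wildcard matcher, written for
// this example as an approximation of the plugin's glob mode (assumption):
// no character classes, no '?', no escaping; '*' matches any run of bytes.
func globMatch(pattern, s string) bool {
	parts := strings.Split(pattern, "*")
	if len(parts) == 1 {
		return pattern == s // no wildcard at all: exact comparison
	}
	if !strings.HasPrefix(s, parts[0]) {
		return false
	}
	s = s[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] {
		idx := strings.Index(s, mid)
		if idx < 0 {
			return false
		}
		s = s[idx+len(mid):]
	}
	return strings.HasSuffix(s, parts[len(parts)-1])
}

// claimsMatch reports whether every bound claim is satisfied by the token's
// claims under the given mode. A claim missing from the token never matches.
// In regex mode an uncompilable pattern is an error rather than a silent
// fail-open or fail-closed.
func claimsMatch(mode string, bound, token map[string]string) (bool, error) {
	for name, want := range bound {
		got, ok := token[name]
		if !ok {
			return false, nil
		}
		switch mode {
		case ModeString:
			if got != want {
				return false, nil
			}
		case ModeGlob:
			if !globMatch(want, got) {
				return false, nil
			}
		case ModeRegex:
			re, err := regexp.Compile(want)
			if err != nil {
				return false, fmt.Errorf("bound claim %q: %w", name, err)
			}
			// MatchString is unanchored: without ^...$ the pattern may match
			// anywhere inside the claim value (see sloppyRef below).
			if !re.MatchString(got) {
				return false, nil
			}
		default:
			return false, fmt.Errorf("unknown bound_claims_type %q", mode)
		}
	}
	return true, nil
}

// The two regexes from the issue, the glob that cannot tell them apart, and
// the stable-release regex with its anchors removed (the classic mistake).
const (
	stableRef = `^(?:v){0,1}(\d+\.){2}\d+$`
	preRef    = `^(?:v){0,1}(\d+\.){2}\d+\-(alpha|beta|dev|rc)\.\d+$`
	globRef   = `v*`
	sloppyRef = `(?:v){0,1}(\d+\.){2}\d+`
)

// boundFor builds the bound_claims map from the issue with the given ref pattern.
func boundFor(ref string) map[string]string {
	return map[string]string{"ref": ref, "ref_type": "tag", "ref_protected": "true"}
}

// tokenFor builds constructed token claims for a protected tag (not real data).
func tokenFor(ref string) map[string]string {
	return map[string]string{"ref": ref, "ref_type": "tag", "ref_protected": "true"}
}

func main() {
	refs := []string{"v1.2.0", "v1.2.0-rc.2", "1.2.0", "v1.2.0-rc.2-evil"}
	cases := []struct{ mode, ref string }{
		{ModeGlob, globRef}, {ModeRegex, stableRef}, {ModeRegex, preRef}, {ModeRegex, sloppyRef},
	}
	for _, c := range cases {
		for _, r := range refs {
			ok, err := claimsMatch(c.mode, boundFor(c.ref), tokenFor(r))
			fmt.Printf("%-5s %-50s %-18s match=%-5v err=%v\n", c.mode, c.ref, r, ok, err)
		}
	}
}
```

Running it prints one row per (pattern, tag) pair: the glob row admits every tag starting with `v`, the two anchored regexes each accept exactly one of `v1.2.0` and `v1.2.0-rc.2`, and the unanchored `sloppyRef` accepts `v1.2.0-rc.2-evil` as well. Whatever matcher ends up in the plugin, anchoring every pattern and rejecting patterns that fail to compile are the two checks that keep the regex option from becoming the unauthorized-access path the maintainers were concerned about.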
