Fix dispatcher test policy to ensure we have the proper subject

[AAraKKe]

What does this PR do?

Fix subject in policy to allow pull requests to use it.

Motivation

Review checklist (to be filled by reviewers)

• Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
• Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
• If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Subject pattern rejects master branch tokens

The new subject_pattern uses ref:refs/head/master (missing the s in heads), but GitHub OIDC sub claims for branch runs are repo:DataDog/integrations-core:ref:refs/heads/<branch>. Because the regex no longer matches the actual master subject, push or workflow_dispatch runs on master will fail to obtain STS credentials and the dispatcher workflow cannot manage runs except when invoked from pull_request. This regressively blocks the intended master events.

Useful? React with 👍 / 👎.

Review from lucia-sb is dismissed. Related teams and files:

• agent-integrations
  • .github/chainguard/self.test-dispatcher.sts.yaml

[AAraKKe]

Just fixed a typo and since this is for testing I am merging now, lucia is busy with the release shadowing.