Default of allow_main only

[xophere]

So I have been using this module. Thanks to all the devs and Philips for making it available. I have used it mostly with a GH env config and in that config it allows different branches. Which we had come to expect. I am now using it only for uploading artifacts so I hadn't planned to used environments. However I do want to support different branches. Besides "allow all" it isn't obvious how to get that behavior. Seems like I could using the config that shows up in AWS:

            "StringLike": {
                "token.actions.githubusercontent.com:sub": "repo:myrepo:ref:refs/heads/main"
            }

conditions = [{ test = "StringLike" variable = "token.actions.githubusercontent.com:sub" values = ["repo:myrepo:ref:refs/heads/*"] }]
But it really isn't clear if that would work. Clearly messing around in here requires some expertise but the docs really don't express how I might do this. And the reason I am using your excellent module was to avoid getting down in the weeds too much. This could be a doc update. I think I will just use allow all as that is probably appropriate for this security scope.

[xophere]

Even a point in the docs to how that conditions logic will be applied and where that is documented elsewhere would be better. I assume it is just passed through to another module underneath.