We would like the ability to create an additional custom claim to the CircleCI OIDC token to support using source identity with AssumeRoleWithWebIdentity in AWS.

Ideally, this would match the subject so that the sts:SourceIdentity condition key in chained roles could be used to match the source identity from the AssumeRoleWithWebIdentity.