Describe the bug
slsa-github-generator fails when used in a GitHub Enterprise organization that has the custom OIDC issuer policy enabled (include_enterprise_slug: true). When this policy is active, every OIDC token minted under the enterprise has the enterprise slug appended to the issuer:
"iss": "https://token.actions.githubusercontent.com/{enterprise-slug}"
The generator hardcodes https://token.actions.githubusercontent.com in github/oidc.go and performs an exact match, causing verification to fail before even reaching Fulcio.
To Reproduce
Steps to reproduce the behavior:
- Enable the custom OIDC issuer policy on your GitHub Enterprise organization (include_enterprise_slug: true)
- Use generator_generic_slsa3.yml in a workflow within that enterprise
- The provenance job fails with:
verify: could not verify token: oidc: id token issued by a different provider, expected "https://token.actions.githubusercontent.com" got "https://token.actions.githubusercontent.com/{enterprise-slug}"
Expected behavior
The generator should accept OIDC tokens where the issuer is https://token.actions.githubusercontent.com/{enterprise-slug}, validating that it starts with the expected base URL rather than requiring an exact match.
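As an added illustration (not code from slsa-github-generator), the check below accepts the base issuer or the base issuer with exactly one enterprise-slug path segment appended, while rejecting look-alike hosts that a bare "starts with" comparison would let through; the slug "acme" is a constructed placeholder.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// expectedActionsIssuer is the base issuer for GitHub Actions OIDC tokens.
const expectedActionsIssuer = "https://token.actions.githubusercontent.com"

// issuerAllowed reports whether an OIDC "iss" claim is the base GitHub
// Actions issuer, or the base issuer plus one enterprise-slug path segment
// as produced when include_enterprise_slug is enabled. A plain
// strings.HasPrefix is deliberately avoided: it would also accept hosts such
// as "token.actions.githubusercontent.com.example.net".
func issuerAllowed(iss string) (bool, error) {
	if iss == expectedActionsIssuer {
		return true, nil
	}
	got, err := url.Parse(iss)
	if err != nil {
		return false, fmt.Errorf("issuer is not a valid URL: %w", err)
	}
	want, _ := url.Parse(expectedActionsIssuer)
	// Scheme and host must match exactly; only the path may differ.
	if got.Scheme != want.Scheme || got.Host != want.Host {
		return false, fmt.Errorf("issuer host %q does not match %q", got.Host, want.Host)
	}
	if got.RawQuery != "" || got.Fragment != "" || got.User != nil {
		return false, fmt.Errorf("issuer must not carry query, fragment or userinfo")
	}
	// Exactly one non-empty path segment: the enterprise slug.
	slug := strings.TrimPrefix(got.Path, "/")
	if slug == "" || strings.Contains(slug, "/") {
		return false, fmt.Errorf("issuer path %q is not a single enterprise slug", got.Path)
	}
	return true, nil
}

func main() {
	// Constructed sample issuers exercising the accepted and rejected shapes.
	for _, iss := range []string{
		"https://token.actions.githubusercontent.com",
		"https://token.actions.githubusercontent.com/acme",
		"https://token.actions.githubusercontent.com.example.net/acme",
		"https://token.actions.githubusercontent.com/acme/extra",
	} {
		ok, err := issuerAllowed(iss)
		fmt.Printf("%-60s allowed=%v err=%v\n", iss, ok, err)
	}
}
```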
Screenshots
Additional context
- Root cause: defaultActionsProviderURL is hardcoded at github/oidc.go#L33 and verified against the full issuer URL by go-oidc.
- This affects any enterprise using OIDC keyless auth with AWS, Azure, or GCP that has the slug policy enabled; enabling it is a standard security hardening recommendation.