CKV_GCP_125: check too big, not documented, cumbersome to satisfy #6981

Open

pndurette opened this issue Jan 28, 2025 · 2 comments
Comments

@pndurette

Describe the issue

CKV_GCP_125 has 8 possible failure cases with a very generic error ("Ensure GCP GitHub Actions OIDC trust policy is configured securely").

It just triggered for us on existing resources and it's very cumbersome to know what's up without any documentation. I have to go through the check source code line-by-line running the code in my head with my Terraform code next to it to try to see what it suddenly complains about.

Either it needs a better explanation of what's being checked or it needs to be broken up into way more checks.

Examples
N/A

Version (please complete the following information):

  • Checkov Version 3.2.357 (from the GitHub Actions run log)

Additional context
N/A


issacg commented Feb 10, 2025

FWIW, this seems to have been introduced in #6964
The code used to be more verbose about the failure reason, and these printed reasons were pruned from the code in the above PR. Perhaps this can be restored?

@dothomson

I've also just encountered this issue.

Additionally the rule doesn't handle cases where the attribute condition is constructed using variables or locals.

I was providing the repo name via a module variable but will now have to disable the check, as this rule is not specific and is unclear on why it isn't working.
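An added Terraform example of the kind of resource CKV_GCP_125 inspects; this is not code from the issue or from the Checkov project, and it makes no claim about which of the check's failure cases a given configuration hits. It shows a GitHub Actions workload identity pool provider whose attribute_condition pins the trusted repository, with the repository supplied through a variable as in the comment above (the interpolated form the commenter reports the check does not evaluate). The variable name, the pool/provider IDs and the service account are assumptions.

```hcl
# Assumption: the calling module passes "owner/repo" here.
variable "github_repository" {
  description = "GitHub repository (owner/repo) allowed to impersonate the deployer service account"
  type        = string
}

resource "google_service_account" "deployer" {
  account_id   = "github-deployer" # assumed name
  display_name = "GitHub Actions deployer"
}

resource "google_iam_workload_identity_pool" "github" {
  workload_identity_pool_id = "github-pool" # assumed name
}

resource "google_iam_workload_identity_pool_provider" "github" {
  workload_identity_pool_id          = google_iam_workload_identity_pool.github.workload_identity_pool_id
  workload_identity_pool_provider_id = "github-provider" # assumed name

  # Map the OIDC token claims that the condition and the IAM binding rely on.
  attribute_mapping = {
    "google.subject"             = "assertion.sub"
    "attribute.repository"       = "assertion.repository"
    "attribute.repository_owner" = "assertion.repository_owner"
  }

  # Weak form (no condition): any GitHub Actions workflow in any repository
  # could exchange a token against this provider, leaving only the IAM
  # binding below between an attacker's repo and the service account.
  #   attribute_condition = null
  #
  # Hardened form: only tokens issued for the named repository are accepted.
  # The repository comes from a variable, so a static analyser that only
  # recognises a literal string in this attribute cannot see the value.
  attribute_condition = "assertion.repository == '${var.github_repository}'"

  oidc {
    issuer_uri = "https://token.actions.githubusercontent.com"
  }
}

# Second layer: bind the service account to principals from the pool whose
# mapped repository attribute matches, rather than to the whole pool.
resource "google_service_account_iam_member" "github_wif" {
  service_account_id = google_service_account.deployer.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.github.name}/attribute.repository/${var.github_repository}"
}
```

The two restrictions are deliberately redundant: the provider's attribute_condition rejects foreign tokens before any credential is issued, and the principalSet binding limits which mapped identities may impersonate the service account even if the provider condition is later loosened. To see what a scanner actually resolves, run `terraform plan` (or `checkov -d . --check CKV_GCP_125`) against a module where the variable has a concrete default and compare with the run where it is passed in by the caller.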
