Reassess GWS.CLASSROOM.1.1 and 1.2

### Prerequisites

- [x] This issue has an informative and human-readable title.

### 💡 Summary

GWS.CLASSROOM.1.1 and 1.2 may be too strict.

### Motivation and context

The policies currently read as:
- Who can join classes in your domain SHALL be set to Users in your domain only.
- Which classes users in your domain can join SHALL be set to Classes in your domain only.

This feels unnecessarily strict. For example, both settings have an "allowlisted domains" option. I don't see why that shouldn't be allowed.
<img width="987" height="846" alt="Image" src="https://github.com/user-attachments/assets/d8432ac8-e71c-477c-926f-33b24eed6355" />

### Implementation notes

Potential re-wordings:
- Who can join classes in your domain SHALL be restricted to users in your domain or allowlisted domains.
- Which classes users in your domain can join SHALL be restricted to classes in your domain or allowlisted domains.

Note that this update will necessitate a ScubaGoggles code change.

### Acceptance criteria

- [x] Determine if baseline change is needed (yes)
- [x] Update Classroom baseline
- [x] Update Classroom Rego code for change

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Reassess GWS.CLASSROOM.1.1 and 1.2 #796

Prerequisites

💡 Summary

Motivation and context

Implementation notes

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Reassess GWS.CLASSROOM.1.1 and 1.2 #796

Description

Prerequisites

💡 Summary

Motivation and context

Implementation notes

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions