Update JFrog GitHub OIDC setup docs

[EyalDelarea]

Why:

This change updates the JFrog OIDC integration guide to reflect a recent improvement in the jfrog/setup-jfrog-cli GitHub Action. The action now supports seamless OIDC authentication out of the box, removing the need for users to manually exchange tokens via REST API calls.

---

What's being changed (if available, include any code snippets, screenshots, or gifs):

• Removed outdated examples that manually exchange the GitHub OIDC token using curl.
• Added a simplified and secure example using jfrog/setup-jfrog-cli@v4 with oidc-provider-name and oidc-audience inputs.
• Clarified that no manual token exchange is required when using the JFrog CLI.
• Added a permissions block (id-token: write) to the YAML example to ensure OIDC works as expected.
• Included a new “Security Best Practices” section and a “Further Reading” section linking to the JFrog CLI’s manual token exchange command for advanced use cases.

---

Check off the following:

• A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR.
• The changes in this PR meet [the docs fundamentals that are required for all content](http://docs.github.com/en/contributing/writing-for-github-docs/about-githubs-documentation-fundamentals).
• All CI checks are passing and the changes look good in the review environment.

[welcome]

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[github-actions]

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

• Spin up a codespace
• Set up a local development environment

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source	Review	Production	What Changed
actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-jfrog.md	fpt ghec	fpt ghec

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

[Sharra-writes]

@EyalDelarea Thanks for opening a PR! 🎉

It looks like this is still a draft. Could you ping me when this is ready? Then, I'll get it up for review ⚡

[MikaLJF]

It looks great! I left a couple comments, please take a look and let me know what you think

[Sharra-writes]

Thanks! I'll get this triaged now.

[github-actions]

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀

[EyalDelarea]

Hey @Sharra-writes,
We want to introduce a new change to our setup-jfrog-cli and only then merge this PR.
So let me know if you want me to move this to draft again,
The content will be the same.
Thanks !

[Sharra-writes]

@EyalDelarea If this isn't ready to merge yet, then leaving it as a draft would probably be better. My job will be looking for technical confirmation internally, and I probably can't get confirmation on changes that haven't been made yet! 😆

[EyalDelarea]

@Sharra-writes,
I've converted it to draft for now, will ping once it's ready for review.
Thank you.

[subatoi]

👋 Thank you for raising this and thanks for your patience

I've raised a few comments and questions, and once we've resolved things there won't be any problem with merging this. With a couple of exceptions, almost all of my review comments are related to the GitHub or Microsoft style guides, so if you'd like us to explain any of them then just let us know. Thank you

[Sharra-writes]

I've committed these suggestions to get things moving on this, so we can hopefully get it merged.

[github-actions]

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡