fix(docs): Assign policy to token, grant it access

policies/remco/remco.hcl

@@ -1,12 +1,22 @@
 # Allow listing secret parent-child connections (as in UI hierarchy). Subdir
 # underneath 'kv' secrets engine will remain hidden though, user has to
 # manually open up
-# ${VAULT_ADDR}/ui/vault/secrets/kv/list/for_{{identity.groups.ids.GROUPID.name}}
-path "kv/metadata/for_{{identity.groups.ids.GROUPID.name}}/*" {
+# ${VAULT_ADDR}/ui/vault/secrets/kv/list/for_{{identity.groups.ids.83754fb4-ee24-fa6a-52dd-50ef8f1d6665.name}}
+path "kv/metadata/for_{{identity.groups.ids.83754fb4-ee24-fa6a-52dd-50ef8f1d6665.name}}/*" {
+    capabilities = ["list"]
+}
+
+# Same but without ID, this allows an orphan token (i.e. that has no parent "entity_id") to also access this
+path "kv/metadata/for_rbacgroup_remco/*" {
     capabilities = ["list"]
 }
 
 # Grant read-only access to secrets
-path "kv/data/for_{{identity.groups.ids.GROUPID.name}}/*" {
+path "kv/data/for_{{identity.groups.ids.83754fb4-ee24-fa6a-52dd-50ef8f1d6665.name}}/*" {
+    capabilities = ["read"]
+}
+
+# Same but without ID, this allows an orphan token (i.e. that has no parent "entity_id") to also access this
+path "kv/data/for_rbacgroup_remco/*" {
     capabilities = ["read"]
 }