
fix: use active gcp account #8584

Merged

Conversation

@ericzzzzzzz ericzzzzzzz commented Mar 24, 2023

Fixes: #6996
Description

  • update the method to get the gcp active account credential
  • The original method to retrieve the account credential always produces an error when calling the credential.tokenSource.token method. This might not have been verified when it was implemented; it seems a little strange to create a credential with an access token. My understanding is that the credential is used to retrieve an access token, and the token can be used to initiate requests to other services. The oauth.google package can use ADC (application default credentials)

 {
   "client_id": "...",
   "client_secret": "..",
   "refresh_token": "....",
   "type": ".."
 }

to construct a tokenSource which is used to retrieve an access token. We can also implement our own token source and provide it to the google.Credentials struct; then tokenSource.token() will be called when needed to request gcp services.
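The custom token source the description sketches, as an added example (not skaffold's own code): it shells out to the active gcloud account, parses the JSON output, caches the token until shortly before expiry, and keeps a distinct, wrapped error per failing step. Assumptions: Token is a stdlib-only stand-in for oauth2.Token so the block runs without golang.org/x/oauth2; the Runner indirection, the 30-second timeout and the RFC 3339 token_expiry format are mine.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os/exec"
	"time"
)

// Token is a stdlib-only stand-in for the oauth2.Token fields this source fills.
type Token struct {
	AccessToken string
	Expiry      time.Time
}

// Runner returns the helper's stdout; injectable so tests can feed canned JSON.
type Runner func(ctx context.Context, args ...string) ([]byte, error)
// GcloudRunner resolves "gcloud" from PATH at run time; ctx bounds the subprocess.
func GcloudRunner(ctx context.Context, args ...string) ([]byte, error) {
	return exec.CommandContext(ctx, "gcloud", args...).Output()
}

// CmdTokenSource reuses a token until a minute before expiry (like oauth2.ReuseTokenSource); not goroutine-safe.
type CmdTokenSource struct {
	Run    Runner
	cached *Token
}

// Token has oauth2.TokenSource's method shape; refreshes get a timeout instead of context.TODO().
func (ts *CmdTokenSource) Token() (*Token, error) {
	if ts.cached != nil && time.Until(ts.cached.Expiry) > time.Minute {
		return ts.cached, nil
	}
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	out, err := ts.Run(ctx, "auth", "print-identity-token", "--format=json")
	if err != nil { // one message per failing step; %w keeps the cause
		return nil, fmt.Errorf("running gcloud auth print-identity-token: %w", err)
	}
	var p struct { // field names from the PR's code comment; expiry assumed RFC 3339
		AccessToken string    `json:"access_token"`
		TokenExpiry time.Time `json:"token_expiry"`
	}
	if err := json.Unmarshal(out, &p); err != nil || p.AccessToken == "" {
		return nil, fmt.Errorf("parsing gcloud token output (access_token missing?): %v", err)
	}
	ts.cached = &Token{AccessToken: p.AccessToken, Expiry: p.TokenExpiry}
	return ts.cached, nil
}
```

In production the source is built as `&CmdTokenSource{Run: GcloudRunner}` and handed to google.Credentials as its TokenSource.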

Test Plan

  • create a service account in your project
  • create a key file for your account
  • run gcloud auth activate-service-account {account_name} --key-file={file} to activate your account
  • run skaffold build -vdebug in the integration/testdata/gcb-explicit-repo project; the run should fail if you didn't give your service account k8s-skaffold storage access and artifact registry access, which is good proof that we're using the active account to issue the request
  • example message: creating bucket if not exists: getting bucket "k8s-skaffold_cloudbuild": googleapi: Error 403: {{service-account-name}} does not have storage.buckets.get access to the Google Cloud Storage bucket. Permission 'storage.buckets.get' denied on resource (or it may not exist)., forbidden

codecov bot commented Mar 24, 2023

Codecov Report

Merging #8584 (917e6f7) into main (290280e) will decrease coverage by 6.19%.
The diff coverage is 54.18%.

❗ Current head 917e6f7 differs from pull request most recent head 2c831ed. Consider uploading reports for the commit 2c831ed to get more accurate results

@@            Coverage Diff             @@
##             main    #8584      +/-   ##
==========================================
- Coverage   70.48%   64.29%   -6.19%     
==========================================
  Files         515      610      +95     
  Lines       23150    30582    +7432     
==========================================
+ Hits        16317    19664    +3347     
- Misses       5776     9446    +3670     
- Partials     1057     1472     +415     
Impacted Files Coverage Δ
cmd/skaffold/app/cmd/completion.go 13.04% <0.00%> (-1.25%) ⬇️
cmd/skaffold/app/cmd/config/list.go 65.21% <ø> (ø)
cmd/skaffold/app/cmd/config/set.go 88.72% <ø> (ø)
cmd/skaffold/app/cmd/config/util.go 54.28% <ø> (ø)
cmd/skaffold/app/cmd/credits.go 100.00% <ø> (ø)
cmd/skaffold/app/cmd/credits/export.go 0.00% <0.00%> (ø)
cmd/skaffold/app/cmd/deploy.go 40.90% <0.00%> (-12.94%) ⬇️
cmd/skaffold/app/cmd/diagnose.go 62.22% <0.00%> (-2.65%) ⬇️
cmd/skaffold/app/cmd/flags.go 93.00% <ø> (+2.18%) ⬆️
cmd/skaffold/app/cmd/generate_pipeline.go 60.00% <ø> (ø)
... and 38 more

... and 389 files with indirect coverage changes


@ericzzzzzzz ericzzzzzzz added the kokoro:force-run forces a kokoro re-run on a PR label Mar 24, 2023
@kokoro-team kokoro-team removed the kokoro:force-run forces a kokoro re-run on a PR label Mar 24, 2023
@ericzzzzzzz ericzzzzzzz marked this pull request as ready for review March 27, 2023 14:58

func (ts tokenSource) Token() (*oauth2.Token, error) {
// the command return a json object containing id_token, access_token, token_expiry
cmd := exec.Command("gcloud", "auth", "print-identity-token", "--format=json")
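Review bot: Token() spawns a gcloud process on every call unless the source is wrapped in oauth2.ReuseTokenSource somewhere outside this hunk; since the token carries its own expiry, wrap it (`oauth2.ReuseTokenSource(nil, ts)`) where the google.Credentials is built so one process per GCP request is avoided. Note also that exec.Command resolves "gcloud" from PATH at run time, so whichever gcloud binary is first on the caller's PATH is the one trusted to mint tokens; that assumption belongs in the doc comment, which should also read "the command returns".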
Contributor Author

Parsing the credential field from the gcloud config config-helper command output should be able to achieve the same effect, but gcloud config config-helper is not public knowledge and may be removed, as --help indicates:

NOTES
    This command is an internal implementation detail and may change or
    disappear without notice.

@@ -31,7 +31,7 @@ func ClientOptions(ctx context.Context) []option.ClientOption {
option.WithUserAgent(version.UserAgent()),
}

creds, cErr := activeUserCredentials(ctx)
creds, cErr := activeUserCredentialsOnce()
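Review bot: activeUserCredentialsOnce() drops the ctx argument, and the Token() method shown above runs gcloud under context.TODO(), so a caller's deadline or cancellation no longer bounds the subprocess; keep a context or put a fixed timeout on the exec. cErr is assigned here but no handling of it is visible in the hunk; at least log it at debug level so a broken gcloud setup (no active account, binary missing) is diagnosable from -vdebug output.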
Contributor

nit: might make sense to add a debug level log entry for cErr, currently I believe it is ignored outright

cmd.Stdout = &body
err := util.RunCmd(context.TODO(), cmd)
if err != nil {
return nil, fmt.Errorf("failed to get access token %v", err)
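Review bot: the error is wrapped with %v, which drops the error chain; use %w (`fmt.Errorf("running gcloud auth print-identity-token: %w", err)`) so callers can errors.As on exec.ExitError, and name the command in the message so it reads differently from the JSON-decode failure that follows. If gcloud's stderr is not captured alongside stdout, the message will lack gcloud's own reason for failing; consider including it in the error.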
Contributor

nit: might make sense to differentiate the error messages here so it is clearer which one of these 2 steps failed

@aaron-prindle aaron-prindle left a comment

LGTM, left 2 small nit comments

@ericzzzzzzz ericzzzzzzz merged commit e51098e into GoogleContainerTools:main Mar 30, 2023
Successfully merging this pull request may close these issues.

Incorrect use of google.CredentialsFromJSON?