docs: add GCP backend authentication guide #493

Open

Roniscend wants to merge 1 commit into agentgateway:main from Roniscend:gcp

@Roniscend
Contributor

Adds documentation for GCP backend authentication using explicit credentials in both Kubernetes and standalone deployments
Fixes: #462

Copilot AI review requested due to automatic review settings May 11, 2026 09:08
Contributor

Copilot AI left a comment

Pull request overview

Adds documentation for GCP backend authentication using explicit credentials for both standalone configuration and Kubernetes (Secret-based) deployments, addressing Issue #462.

Changes:

  • Documented standalone backendAuth.gcp.credential configuration using a credentials file or inline JSON.
  • Added new Kubernetes docs pages for “GCP backend authentication” (main/latest) that reuse a shared guide.
  • Introduced a shared Kubernetes guide describing storing ADC JSON in a Secret and referencing it from an AgentgatewayPolicy.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| content/docs/standalone/main/configuration/security/backend-authn.md | Adds standalone examples for explicit GCP ADC credentials (file + inline). |
| content/docs/standalone/latest/configuration/security/backend-authn.md | Same as above for the latest standalone docs track. |
| content/docs/kubernetes/main/security/backend-authn-gcp.md | Adds a Kubernetes “GCP backend authentication” page that reuses the shared guide. |
| content/docs/kubernetes/latest/security/backend-authn-gcp.md | Same as above for the latest Kubernetes docs track. |
| assets/agw-docs/pages/security/backend-authn-gcp.md | New shared guide describing Secret creation and AgentgatewayPolicy configuration for GCP backend auth. |

Comment thread content/docs/standalone/main/configuration/security/backend-authn.md Outdated
Comment thread content/docs/standalone/latest/configuration/security/backend-authn.md Outdated
Comment thread assets/agw-docs/pages/security/backend-authn-gcp.md Outdated
Collaborator

@artberger left a comment

Thanks for opening this PR, I left some suggestions.

Authenticate to GCP backends from an {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} using Google Cloud Platform authentication.

By default, the proxy uses ambient credentials from the environment (for example, Workload Identity on GKE, or `GOOGLE_APPLICATION_CREDENTIALS`). Configure GCP auth in your {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} to generate the appropriate token type for your backend.

Collaborator

Suggested change
## Before you begin

@@ -0,0 +1,67 @@
Authenticate to GCP backends from an {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} using Google Cloud Platform authentication.
Collaborator

Spell out on first use of acronyms

Suggested change
Authenticate to GCP backends from an {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} using Google Cloud Platform authentication.
Configure authentication for backends in Google Cloud Platform (GCP) with an {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}}.

@@ -0,0 +1,67 @@
Authenticate to GCP backends from an {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} using Google Cloud Platform authentication.

By default, the proxy uses ambient credentials from the environment (for example, Workload Identity on GKE, or `GOOGLE_APPLICATION_CREDENTIALS`). Configure GCP auth in your {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} to generate the appropriate token type for your backend.
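
Review bot: The second paragraph of this hunk does not say how the ambient default interacts with the explicit credentials this PR documents. State whether a credential set in the policy takes precedence over Workload Identity or `GOOGLE_APPLICATION_CREDENTIALS`, so a reader can tell which identity the backend token is issued for.
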
Collaborator

Suggested change
By default, the proxy uses ambient credentials from the environment (for example, Workload Identity on GKE, or `GOOGLE_APPLICATION_CREDENTIALS`). Configure GCP auth in your {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} to generate the appropriate token type for your backend.
By default, the proxy uses ambient credentials from the cluster provider environment, such as [Workload Identity on GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity), or the `GOOGLE_APPLICATION_CREDENTIALS` environment variable in the key file for a ServiceAccount. To use token-based credentials, apply an {{< reuse "agw-docs/snippets/agentgateway/agentgatewaypolicy.md" >}} with GCP auth to your backend.

EOF
```

If `audience` is omitted with `IdToken`, it is automatically derived from the backend hostname.
Collaborator

Duplicate description in L59

Suggested change
If `audience` is omitted with `IdToken`, it is automatically derived from the backend hostname.

| `backend.auth.gcp.type` | The type of token to generate. `AccessToken` is used for most GCP services; `IdToken` is used for Cloud Run. |
| `backend.auth.gcp.audience` | Explicit `aud` claim for the ID token. Only valid with `IdToken` type. Derived from the backend hostname when omitted. |

GCP credentials are sourced from the environment automatically. On GKE, use [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) to bind the pod's service account to a GCP service account. Outside GKE, set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to a service account key file.
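
Review bot: The closing paragraph tells readers outside GKE to point `GOOGLE_APPLICATION_CREDENTIALS` at a service account key file but gives no handling guidance for that file. A key file is a long-lived secret, so add a sentence on limiting the service account to the backend it calls and on supplying the file from a Secret or mounted volume rather than the image. The two table rows cover `type` and `audience` only; the explicit credential setting this PR documents should get a row as well.
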
Collaborator

I think we can combine this with the earlier description and remove here.

Suggested change
GCP credentials are sourced from the environment automatically. On GKE, use [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) to bind the pod's service account to a GCP service account. Outside GKE, set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to a service account key file.


Successfully merging this pull request may close these issues.

Docs for explicit GCP creds