Launching a job on Dataflow requires storage.bucket.get permission

[damccorm]

The storage.bucket.get permission is not covered by storage object admin, so this is an extra property requirement.

 

It is possible to verify the existence of a GCS bucket by writing to it. It would be good to ensure Beam doesn't require such high permissions.

Imported from Jira BEAM-11430. Original Jira may contain additional context.
Reported by: pabloem.