ref(symbolicator): only fetch gcp token if no private_key is configured

[Litarnus]

This PR changes the order of operations for obtaining GCP token. Instead of attempting to fetch it in all cases, it will only try to obtain it if no private_key is defined.
This way we can ensure that previously configured projects work as before without having to unnecessary attempt to fetch the token.
By restoring the old behaviour for sources with client_email and private_key, it allows us to remove the feature flag.

[sentry]

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

• ‼️ RefreshError: ('Unable to acquire impersonated credentials', '{\n "error": {\n "code": 503,\n "message": "Policy checks are unavailable.",\n "status": "UNAVAILABLE"\n }\n}\n') sentry.profiles.task.process_profile View Issue
• ‼️ RefreshError: ("Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/getsentry-web@internal-sentry.iam.gserviceaccount.com/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fiam from the Google Compute Engine metadata se... sentry.profiles.task.process_profile View Issue
• ‼️ RefreshError: ("Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/getsentry-web@internal-sentry.iam.gserviceaccount.com/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fiam from the Google Compute Engine metadata se... sentry.profiles.task.process_profile View Issue
• ‼️ RefreshError: ('Unable to acquire impersonated credentials', '{\n "error": {\n "code": 503,\n "message": "Policy checks are unavailable.",\n "status": "UNAVAILABLE"\n }\n}\n') sentry.profiles.task.process_profile View Issue
• ‼️ ProcessingDeadlineExceeded: execution deadline of 60 seconds exceeded ingest.profiling:sentry.profiles.task.process_p... View Issue

_{Did you find this useful? React with a 👍 or 👎}