Expose a getCredentials method

[stephenplusplus]

The private_key and client_email properties of a service account JSON file are required for crypto operations, such as generating a signed URL. Example from @google-cloud/storage: https://github.com/googleapis/nodejs-storage/blob/469530c744c42096e46f39f409272cca05eaf02a/src/file.js#L1646.

Evidently, the GCP metadata server can return these values. google-auth-library is the most knowledgeable of the environment and authentication choices made by the user, and ideally would expose a method like authClient.getCredentials().

This method would return the contents of the service account JSON key file, or if the user did not give a key file, i.e. they're on GCP, it would read the properties from the metadata server.

[inlined]

Just to make sure we're all on the same page, the Google metadata service will not reveal a private key, but that's not needed for the signed URLs in @google-cloud/storage. Instead, @google-cloud/storage should use an OAuth token from the metadata server and call IAM's signBlob API.

[bantini]

@lukesneeringer @stephenplusplus What should be the signature of the method? What should be the signature of the callback function?

[lukesneeringer]

/cc @stephenplusplus for a decision

My gut is that it optionally takes a key file, and it returns a (potentially partial) service account dictionary.

[stephenplusplus]

We actually talked it through a bit in the PR: #180