Chore: Use default credentials for tests instead of SA key #1406

Draft: wants to merge 1 commit into base: main


guilherme-hosoda-cit
Contributor

This PR introduces support for default Google Cloud SDK (gcloud) credentials during testing. This eliminates the need for a service account key.

Note

This solution injects your entire gcloud SDK into the CFT container.

@guilherme-hosoda-cit guilherme-hosoda-cit marked this pull request as draft April 23, 2025 13:52
@eeaton
Collaborator

eeaton commented Apr 25, 2025

Thanks Guilherme for the PR!

Unfortunately, there are more changes needed. When I tried testing this locally, it fails with an error related to service account keys (service account keys are blocked for most new customer accounts with secure-by-default org policies), and the automation in the CFT image still relies on service account keys.

I encounter this when running make docker_test_prepare. It partially works, creating a folder like "test_foundation_folder_z7orq3" and a bootstrap project like "ci-foundation-z7orq3-afkk", but then fails with an error like the following:

"""
Key creation is not allowed on this service account. [google.rpc.error_details_ext] { message: "Key creation is not allowed on this service account." details { [type.googleapis.com/google.rpc.PreconditionFailure] { violations { type: "constraints/iam.disableServiceAccountKeyCreation" subject: "projects/ci-foundation-z7orq3-afkk/serviceAccounts/ci-account@ci-foundation-z7orq3-afkk.iam.gserviceaccount.com?configvalue=ci-account%40ci-foundation-z7orq3-afkk.iam.gserviceaccount.com" description: "Key creation is not allowed on this service account.
"""

In this repo, I found there is a resource google_service_account_key.int_test at test/setup/iam.tf, and output sa_key under outputs.tf also references that value. It looks like I can get around the issue by removing those two references.

Can you please update this PR to also remove all references to google_service_account_key.int_test?
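
An added example, not part of this PR or the repository's own code: a small Python check that lists every declaration of, and reference to, a `google_service_account_key` resource in a set of Terraform files, so the cleanup requested above can be verified and kept from regressing in CI. The sample file bodies are constructed; only the file names, the resource name `int_test` and the output name `sa_key` come from the comment, and `find_key_usage` and `load_tree` are hypothetical helper names.

```python
import re
from pathlib import Path

# Constructed sample input, NOT the repository's real files: file names,
# resource and output names come from the comment above, bodies are assumed.
SAMPLE_FILES = {
    "test/setup/iam.tf": '''
resource "google_service_account" "int_test" {
  account_id = "ci-account"
}

resource "google_service_account_key" "int_test" {
  service_account_id = google_service_account.int_test.id
}
''',
    "outputs.tf": '''
output "sa_key" {
  value     = google_service_account_key.int_test.private_key
  sensitive = true
}
''',
}

TOP = re.compile(r'^[a-z_]+\b[^{]*\{')  # top-level block header at column 0
DECL = re.compile(r'^\s*resource\s+"google_service_account_key"\s+"([^"]+)"')
REF = re.compile(r'\bgoogle_service_account_key\.([A-Za-z_][\w-]*)')

def find_key_usage(files):
    """Return (path, line, kind, name, enclosing block) for every key resource hit."""
    hits = []
    for path, text in sorted(files.items()):
        block = None
        for no, line in enumerate(text.splitlines(), 1):
            code = line.split("#", 1)[0]  # naive: ignores '#' inside strings
            if TOP.match(code):
                block = code[:code.index("{")].strip()
            decl = DECL.match(code)
            if decl:
                hits.append((path, no, "declaration", decl.group(1), block))
            for ref in REF.finditer(code):
                hits.append((path, no, "reference", ref.group(1), block))
    return hits

def load_tree(root):
    """Read every *.tf file under root (hypothetical helper for real checkouts)."""
    return {str(p): p.read_text() for p in Path(root).rglob("*.tf")}
```

On a real checkout, `find_key_usage(load_tree("."))` returning an empty list means no service account key resource or reference remains in the Terraform tree.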
