switch all workloads authenticating to GCP to using Workload Identity rather than a private key saved to GCS

follow up on: gitlab-com/gl-infra/k8s-workloads/gitlab-helmfiles!99 (comment 373237742)

For example, thanos sidecar, gitlab-monitoring-secrets still use a private key for a service account