
Move terraform GCS instance service account to project module

While cleaning up the terraform code for the gitlab-ENV-secrets buckets, which was duplicated between the project and storage-buckets modules, this block was left over: it creates the IAM binding granting access to the terraform service account used for all GCE VM instances.

With the secrets bucket moved to the project module, it doesn't make sense to keep this IAM binding in the old module, but moving it also means managing the terraform service account from the project module and exporting the account email/ID so that other terraform configurations can look it up via remote state for the bindings that are staying in the storage-buckets module. I inspected the terraform state files for gstg and gprd, and it appears that this service account is not currently managed by terraform, so it can easily be imported into the env-projects configuration after the project module is updated.

  1. Add a google_service_account resource to the project module for the terraform account.
  2. Remove the google_storage_bucket_iam_binding from the storage-buckets module.
  3. Add a google_storage_bucket_iam_binding to the project module.
  4. Import the service account to the terraform state for env-projects.
  5. Import the google_storage_bucket_iam_binding resource to the terraform state for env-projects.
  6. Bump module versions for project and storage-buckets across all environments.
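The steps above, written out as an added example of what the project module, the env-projects root and a consumer of the remote state could look like. This is illustrative HCL, not the actual gitlab infrastructure code: the module sources, the `terraform` account ID, the `roles/storage.objectViewer` role, the state bucket name and the `gitlab-gstg` project are all assumptions standing in for the real values, and the remote-state `outputs` accessor assumes Terraform 0.12 or later.

```hcl
# --- project module (assumed path ./modules/project) ---

variable "project" {}
variable "environment" {} # "gstg" or "gprd"

# The existing GCE-instance service account, previously unmanaged by terraform.
# account_id is an assumption; it must match the real account exactly so the
# import below produces no diff on the next plan.
resource "google_service_account" "terraform" {
  project      = var.project
  account_id   = "terraform"
  display_name = "terraform service account used by GCE VM instances"
}

# Secrets bucket, now owned by the project module.
resource "google_storage_bucket" "secrets" {
  project  = var.project
  name     = "gitlab-${var.environment}-secrets"
  location = "US"
}

# The binding that used to live in storage-buckets. An *_iam_binding is
# authoritative for this role on this bucket: any member holding the role that
# is not listed here is removed on apply. The role itself is an assumption.
resource "google_storage_bucket_iam_binding" "secrets_terraform" {
  bucket  = google_storage_bucket.secrets.name
  role    = "roles/storage.objectViewer"
  members = ["serviceAccount:${google_service_account.terraform.email}"]
}

# Exported so other configurations can look the account up via remote state.
output "terraform_service_account_email" {
  value = google_service_account.terraform.email
}

# --- env-projects root configuration ---

module "project" {
  source      = "./modules/project"
  project     = "gitlab-gstg"
  environment = "gstg"
}

# Re-export the module output at the root so it lands in the remote state.
output "terraform_service_account_email" {
  value = module.project.terraform_service_account_email
}

# Imports (steps 4 and 5), run from the env-projects directory. The resource
# addresses follow the names above; the ID formats are the provider's:
#   terraform import module.project.google_service_account.terraform \
#     projects/gitlab-gstg/serviceAccounts/terraform@gitlab-gstg.iam.gserviceaccount.com
#   terraform import module.project.google_storage_bucket_iam_binding.secrets_terraform \
#     "b/gitlab-gstg-secrets roles/storage.objectViewer"

# --- a configuration that keeps its bindings in storage-buckets ---

data "terraform_remote_state" "env_projects" {
  backend = "gcs"
  config = {
    bucket = "gitlab-gstg-terraform-state" # assumption
    prefix = "env-projects"                # assumption
  }
}

module "storage_buckets" {
  source = "./modules/storage-buckets"
  # The module is assumed to take the account email as an input for the
  # bindings that stay there, instead of creating the account itself.
  terraform_service_account_email = data.terraform_remote_state.env_projects.outputs.terraform_service_account_email
}
```

Two checks are worth doing between steps 5 and 6. First, run `terraform plan` in env-projects after both imports and confirm it reports no changes; a diff on the service account means the `account_id` or `display_name` in the module does not match the real account, and a diff on the binding means the role or member list differs from what is actually set on the bucket, which would silently add or strip access on apply. Second, the binding is still tracked in the storage-buckets state for each environment, so when that configuration is applied with the bumped module (step 6) terraform will see the resource gone from config and destroy it, removing the GCE instances' access to the secrets bucket even though env-projects now owns the same binding. Removing it from that state first with `terraform state rm <address-of-the-old-binding>` lets the bumped module apply cleanly without touching the live IAM policy.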