Apply additional best practices to GCP Service Account approach

Grant Young requested to merge gy-further-gcp-sa-improvements into main

What does this MR do?

This MR follows on from !1227 (merged) with several further improvements to follow the latest best practices around GCP IAM, as follows:

  • The Service Account User role, required for Terraform to attach accounts to resources, has been adjusted to be set at the lowest possible level: the created Service Accounts themselves.
    • This follows the best practice of not setting this role at the project level for all accounts. Users will no longer be required to set it manually at that level.
    • By default, Terraform will grant this role only to the account it is running as for that run.
    • Users can instead specify a static list if desired; accompanying documentation details this.
  • Terraform Service Account requirements have been reviewed and adjusted to follow least privilege further: the Service Account User requirement for this account has been removed, and only Service Account Admin is now required.
  • The GKE cluster initial node pool has been adjusted to not use the Default Service Account. This node pool is only created temporarily due to GKE design, and Terraform deletes it immediately after standing up its own. Nonetheless, as a best practice, and because the Service Account User role is no longer available at the project level, it has been set to one of the Service Accounts created by Terraform (the Supporting node pool account).
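The configuration below is an added illustration of the pattern described above; it is not the toolkit's own code. It assumes a provider already configured for `var.project_id`, that Terraform is running as a service account (so the default member is prefixed `serviceAccount:`), and hypothetical service account names (`gitlab-rails`, `gitlab-supporting-node-pool`). It grants `roles/iam.serviceAccountUser` on each created Service Account resource rather than on the project, defaults the grantee to the identity running Terraform with an optional static override list, and points the temporary GKE initial node pool at the Terraform-created supporting account instead of the Compute default account.

```hcl
# Added example, not GET's own code. Assumes a configured google provider.

variable "project_id" {
  type = string
}

# Optional static override. Empty (the default) means "the identity Terraform is running as".
variable "service_account_users" {
  description = "IAM members granted roles/iam.serviceAccountUser on the created Service Accounts."
  type        = list(string)
  default     = []
}

# Identity of the credentials Terraform is currently using.
data "google_client_openid_userinfo" "current" {}

locals {
  # Hypothetical account names for the example.
  sa_names = toset(["gitlab-rails", "gitlab-supporting-node-pool"])

  # Assumes Terraform runs as a service account; use "user:" if it runs as a person.
  service_account_users = length(var.service_account_users) > 0 ? toset(var.service_account_users) : toset(["serviceAccount:${data.google_client_openid_userinfo.current.email}"])

  # One binding per (service account, member) pair.
  sa_user_bindings = {
    for pair in setproduct(local.sa_names, local.service_account_users) :
    "${pair[0]}|${pair[1]}" => { sa = pair[0], member = pair[1] }
  }
}

resource "google_service_account" "sa" {
  for_each     = local.sa_names
  project      = var.project_id
  account_id   = each.key
  display_name = each.key
}

# Service Account User scoped to each created SA, not to the whole project.
# Setting this policy requires roles/iam.serviceAccountAdmin on the running identity.
resource "google_service_account_iam_member" "sa_user" {
  for_each           = local.sa_user_bindings
  service_account_id = google_service_account.sa[each.value.sa].name
  role               = "roles/iam.serviceAccountUser"
  member             = each.value.member
}

# GKE: the initial node pool exists only until remove_default_node_pool deletes it,
# but it still must not run as the Compute default SA, and actAs on the chosen SA
# is now granted only at the SA level above.
resource "google_container_cluster" "gitlab" {
  name                     = "gitlab"
  project                  = var.project_id
  location                 = "us-central1"
  remove_default_node_pool = true
  initial_node_count       = 1

  node_config {
    service_account = google_service_account.sa["gitlab-supporting-node-pool"].email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
  }
}
```

After `terraform apply`, the resulting scope can be checked with `gcloud iam service-accounts get-iam-policy <sa-email>`: the `roles/iam.serviceAccountUser` binding should appear only on the created accounts, and `gcloud projects get-iam-policy <project>` should show no project-wide grant of that role for the Terraform identity.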

Related issues

Author's checklist

When ready for review, the Author applies the workflow::ready for review label and mentions @gl-quality/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up-to-date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
    • MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.