GraphQL: Implement RunnerCloudProvisioningOptions in ProjectType

Pedro Pombeiro requested to merge pedropombeiro/438315/add-graphql-query into master

What does this MR do and why?

This MR adds the project.runnerCloudProvisioningOptions query, required to support the new runner provisioning flow on Google Cloud (frontend: #437907 (closed)). It builds on #439569 (closed) to allow fetching regions, zones, and machineTypes available to a Google Cloud project. The Google Cloud project is associated with a GitLab project through the New Google Artifact Registry Project Integration (#425066 - closed) (temporary, this will be moved to a new Google IAM project integration).

The GraphQL query is gated on the :read_runner_cloud_provisioning_options project policy introduced in !143570 (merged), available only to maintainer+ users on a project, and when the SaaS google_artifact_registry feature is available.

Closes #438315 (closed)

Changelog: added EE: true

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Although the client class itself is quite simple to use, the setup of the supporting components can be quite involved.

We have two ways to set things up: either using the gcp demo project (if you have access) or using a service account.

1️⃣ Set up using the gcp demo project

This is only available to members with access to the gcp demo project.

  1. In Cloud Run, there is a glgo instance running. Click on the details and copy the url.
  2. In ee/lib/google_cloud_platform/base_client.rb, replace the GLGO_BASE_URL constant with the url from (1.).
  3. In ee/lib/google_cloud_platform/jwt.rb, return a fixed string of your choice for #issuer. I used http://pedropombeiro.gdk.test:3000.
  4. Start your local GDK, access /oauth/discovery/keys and paste the content into a GitLab.com snippet. Copy the url of the raw form of the snippet.
  5. In Cloud Run, create a new version to deploy and update the GLGO_KNOWN_ISSUERS env variable with the following string: ,<issuer string>;<url of the raw form of the snippet>

Don't forget to set up a Workload Identity Federation properly and get its url without the protocol.

2️⃣ Set up using a service account

  1. Create a service account that has the Compute Viewer role.
  2. Create a JSON credentials file and download it.
  3. In ee/lib/google_cloud_platform/compute/client.rb, in the #external_credentials function, replace the method content with the path to the credentials file.

3️⃣ The client class in action

One last setup step: there is a guard to make sure that the client class is used in the SaaS instance only. In ee/lib/google_cloud_platform/compute/client.rb, comment out L133.

Now that the setup is out of the way, let's play! 🕹

  1. Set up a project integration in some project, e.g. gitlab-org/playground

  2. Open http://gdk.test:3000/-/graphql-explorer and run the following query:

    {
      project(fullPath: "gitlab-org/playground") {
        id
        runnerCloudProvisioningOptions(provider: GOOGLE_CLOUD) {
          regions(first: 2) {
            nodes {
              name
              description
            }
            pageInfo {
              hasNextPage
              endCursor
            }
          }
          zones(region: "us-east1", first: 2) {
            nodes {
              name
              description
            }
            pageInfo {
              hasNextPage
              endCursor
            }
          }
          machineTypes(zone: "us-east1-b", first: 2) {
            nodes {
              name
              description
              zone
            }
            pageInfo {
              hasNextPage
              endCursor
            }
          }
        }
      }
    }

You should see the zones and machine types requested.

Edited by Pedro Pombeiro
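
The local validation steps above replace GLGO_BASE_URL, hardcode #issuer, point #external_credentials at a key file and disable the SaaS guard, all in tracked files. As an added example, not part of this merge request or of GitLab's code, the pre-commit hook below keeps those edits and any staged service account key out of a commit while the local setup is in place; the hook location and the key-file heuristic are assumptions.

```shell
#!/bin/sh
# Added example: pre-commit guard for the local-validation edits described above.
# Assumed install location: .git/hooks/pre-commit in the GitLab checkout.

# Reads changed paths on stdin and prints the ones that the validation steps
# edit for local use only (GLGO_BASE_URL, #issuer, #external_credentials and
# the SaaS guard). Returns 1 if any such path is present, 0 otherwise.
flag_local_only_paths() {
  hits=$(grep -Fx \
    -e 'ee/lib/google_cloud_platform/base_client.rb' \
    -e 'ee/lib/google_cloud_platform/jwt.rb' \
    -e 'ee/lib/google_cloud_platform/compute/client.rb' || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Reads file content on stdin; succeeds if it looks like a Google service
# account key (JSON with "type": "service_account" and a "private_key" field).
looks_like_sa_key() {
  awk '/"type"[ \t]*:[ \t]*"service_account"/ { t = 1 }
       /"private_key"/                         { k = 1 }
       END { exit !(t && k) }'
}

# Checks the git index: fails if a local-only file or a key file is staged.
check_staged() {
  rc=0
  if ! git diff --cached --name-only | flag_local_only_paths >&2; then
    echo 'Staged files above carry local validation edits; unstage them.' >&2
    rc=1
  fi
  keys=$(git diff --cached --name-only --diff-filter=AM |
    while IFS= read -r path; do
      if git show ":$path" | looks_like_sa_key; then printf '%s\n' "$path"; fi
    done)
  if [ -n "$keys" ]; then
    printf 'Service account key staged: %s\n' "$keys" >&2
    rc=1
  fi
  return "$rc"
}

# Run the check only when installed as the hook, so sourcing has no side effects.
case "$0" in
  */pre-commit) check_staged || exit 1 ;;
esac
```

Remove the hook once the local edits are reverted, since it also blocks intentional changes to those three files.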