GCP: Add SSH key to project metadata

[christophetd]

Sources:

• https://cloud.google.com/compute/docs/connect/add-ssh-keys#add_ssh_keys_to_project_metadata
• https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
• https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/

By default, allows access to all VMs in a project (unless the VMs disable project-wide SSH keys, which is not the default)

[christophetd]

challenge: might be very noisy and not actionable enough for detection, as the gcloud compute ssh seems to do it

[christophetd]

Note: OS login is generally used, so that could be a good detection

[christophetd]

Might also be added at the VM level.

[christophetd]

Moving to "to implement" considering we now have evidence from https://unit42.paloaltonetworks.com/cloud-lateral-movement-techniques/ it's been exploited in the wild