GoogleCloudPlatform / security-response-automation

Take automated actions against threats and vulnerabilities.
Apache License 2.0

Plaintext service account credential leaked into Cloud Functions source bucket #195

Status: Closed (closed by onetwopunch 3 years ago)

onetwopunch commented 3 years ago

There is no need to download a service account key for Golang Cloud Functions to call GCP APIs, especially since the service account is already attached to the functions. The problem is two-fold:

  1. The service account key is downloaded on the Terraform operator's laptop, meaning they can then use that key in perpetuity without any attribution
  2. The service account key is then uploaded alongside the Cloud Function as part of the ZIP file. This means anyone else who may have object reader permissions on that project would also be able to extract the key

This can be fixed by simply:

  1. Removing the google_service_account_key resource in Terraform
  2. Removing all references to option.WithCredentialsFile(authFile) in the clients and, subsequently, the services.

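
A pre-upload check for the second problem above, as an added example that is not code from this repository and not the fix the issue proposes: it scans a Cloud Functions deployment archive for service-account key files before the ZIP is pushed to the source bucket, so a key that slipped into the build tree is caught before anyone with object reader permissions can extract it. The archive contents, the file names and the `PLACEHOLDER` key material are constructed for the example. The fix itself stays as the issue describes it: drop the `google_service_account_key` resource and the `option.WithCredentialsFile` call, and the Go client libraries fall back to Application Default Credentials, which on Cloud Functions resolve to the attached service account through the metadata server.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// FindServiceAccountKeys opens a zip archive held in memory and returns the
// names of entries that look like a downloaded GCP service-account key:
// a JSON object with "type": "service_account" and a PEM private key.
// Every entry is inspected regardless of extension, since a key renamed
// to .txt or .bak is still a key.
func FindServiceAccountKeys(archive []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, fmt.Errorf("open zip: %w", err)
	}
	var hits []string
	for _, f := range zr.File {
		if f.FileInfo().IsDir() {
			continue
		}
		rc, err := f.Open()
		if err != nil {
			return nil, fmt.Errorf("open %s: %w", f.Name, err)
		}
		// Real key files are a few KB; cap reads so a hostile entry cannot
		// inflate to gigabytes during the scan.
		data, err := io.ReadAll(io.LimitReader(rc, 1<<20))
		rc.Close()
		if err != nil {
			return nil, fmt.Errorf("read %s: %w", f.Name, err)
		}
		if LooksLikeServiceAccountKey(data) {
			hits = append(hits, f.Name)
		}
	}
	return hits, nil
}

// LooksLikeServiceAccountKey parses data as JSON and checks the two fields
// every downloaded key carries. Parsing rather than substring matching
// avoids flagging notes or docs that merely mention the account type.
func LooksLikeServiceAccountKey(data []byte) bool {
	var doc struct {
		Type       string `json:"type"`
		PrivateKey string `json:"private_key"`
	}
	if err := json.Unmarshal(data, &doc); err != nil {
		return false
	}
	return doc.Type == "service_account" &&
		strings.Contains(doc.PrivateKey, "PRIVATE KEY-----")
}

// BuildSampleSource assembles a constructed deployment archive in memory:
// function source, a decoy JSON file that names the account type but holds
// no key, and a fake key file whose private key is a placeholder.
func BuildSampleSource() ([]byte, error) {
	files := map[string]string{
		"function.go":       "package p\n\nfunc Run() {}\n",
		"deploy-notes.json": `{"type": "service_account", "note": "reference only, no key material"}`,
		"auth/sa.json": `{"type": "service_account",
  "project_id": "example-project",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
  "client_email": "fn@example-project.iam.gserviceaccount.com"}`,
	}
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, body := range files {
		w, err := zw.Create(name)
		if err != nil {
			return nil, err
		}
		if _, err := io.WriteString(w, body); err != nil {
			return nil, err
		}
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func main() {
	archive, err := BuildSampleSource()
	if err != nil {
		panic(err)
	}
	hits, err := FindServiceAccountKeys(archive)
	if err != nil {
		panic(err)
	}
	if len(hits) == 0 {
		fmt.Println("no service-account keys found; safe to upload")
		return
	}
	fmt.Println("refusing to upload; service-account key(s) in archive:")
	for _, h := range hits {
		fmt.Println("  ", h)
	}
}
```

Wire this in as a gate in whatever step produces the ZIP (a `local-exec` provisioner or a CI job), and have it fail the deploy when `FindServiceAccountKeys` returns anything. The check is a safety net for the packaging step only; it does nothing about the first problem, the copy of the key sitting on the operator's laptop, which only removing the key resource addresses.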
onetwopunch commented 3 years ago

@tomscript FYI I'll take this one on if that's ok with you since the changes to filtering require the go113 runtime, which means file access like this will have to change anyway.

tomscript commented 3 years ago

Hey Ryan, ya, thanks for raising this. IIRC I think this was done back when you couldn't specify a service account for GCF. That would be awesome if you could take this. Go for it! (And thank you!)