Allow for Service Agent IAM binding at the project level

[jace-ys]

👋🏻 Thanks for creating this module.

We would really like to use it but one blocker we're hitting is that our Terraform does not have permissions to manage organization level resources, meaning we can't create the google_organization_iam_binding at the organization level for the PAM service agent.

Would you be able to support the IAM binding at the project level instead? Meaning a google_project_iam_binding instead.

[jace-ys]

Had a stab at it: https://github.com/GoogleCloudPlatform/terraform-google-pam/pull/5