googleapis / google-api-dotnet-client

Google APIs Client Library for .NET
https://developers.google.com/api-client-library/dotnet
Apache License 2.0

Add GoogleCredential.FromServiceCredential or other way to support custom token refresh for workload identity federation #2076

Closed sopelt closed 2 years ago

sopelt commented 2 years ago

We are using the Firebase Admin .NET SDK in combination with Workload identity federation and Azure Active Directory as external IdP. This means that we cannot use the normal token handling provided by the SDK. When using GoogleCredential.FromAccessToken there seems to be no way to handle token expiration/refresh as discussed here.

We tried implementing a ServiceCredential, which we understood to be the correct base class to use for such scenarios, but we cannot wrap it in a GoogleCredential in order to pass it to the options.

Having something like GoogleCredential.FromServiceCredential or another way to support this scenario would be greatly appreciated.

As a workaround we derived from ComputeCredential as that can be wrapped by FromComputeCredential without complaining about uninitialized settings. In that derived implementation we added a simple token cache and the token request/exchange logic for the external IdP.
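An added sketch of the token cache and exchange logic this workaround describes; it is not sopelt's code and not part of the library. `FederatedTokenCache`, the `getIdpToken` delegate (returning the Azure AD JWT) and the `audience` value are hypothetical, the request fields follow the OAuth 2.0 token-exchange form used by Google's STS endpoint, and no service-account impersonation step is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Added example: caches a federated access token and re-exchanges it shortly before expiry.
public sealed class FederatedTokenCache
{
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(5); // refresh early to absorb clock drift
    private readonly HttpClient _http;
    private readonly Func<CancellationToken, Task<string>> _getIdpToken; // hypothetical: returns the Azure AD JWT
    private readonly string _audience; // workload identity pool provider resource name (placeholder)
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _token;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    public FederatedTokenCache(HttpClient http, string audience, Func<CancellationToken, Task<string>> getIdpToken)
    { _http = http; _audience = audience; _getIdpToken = getIdpToken; }

    public async Task<string> GetAccessTokenAsync(CancellationToken ct = default)
    {
        await _gate.WaitAsync(ct); // single-flight: concurrent callers share one refresh
        try
        {
            // Serve from cache only while the token is comfortably inside its lifetime.
            if (_token != null && DateTimeOffset.UtcNow + Skew < _expiresAt) return _token;
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "urn:ietf:params:oauth:grant-type:token-exchange",
                ["audience"] = _audience,
                ["scope"] = "https://www.googleapis.com/auth/cloud-platform",
                ["requested_token_type"] = "urn:ietf:params:oauth:token-type:access_token",
                ["subject_token_type"] = "urn:ietf:params:oauth:token-type:jwt",
                ["subject_token"] = await _getIdpToken(ct),
            });
            using var resp = await _http.PostAsync("https://sts.googleapis.com/v1/token", form, ct);
            resp.EnsureSuccessStatusCode(); // fail closed: never hand out a stale token on error
            using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
            _token = doc.RootElement.GetProperty("access_token").GetString();
            _expiresAt = DateTimeOffset.UtcNow.AddSeconds(doc.RootElement.GetProperty("expires_in").GetInt32());
            return _token;
        }
        finally { _gate.Release(); }
    }
}
```

The cache keeps both tokens in memory only and never logs them; a credential subclass like the one described above would call `GetAccessTokenAsync` from its token-request override.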

jskeet commented 2 years ago

Closing this as a duplicate of #2033 - support for Workload Identity Federation is already in progress. (Please don't regard the closure as in any way seeing the feature request as invalid - it's just a matter of trying to avoid having multiple issues open for the same feature.)