googlearchive / k8s-service-catalog

[DEPRECATED] Commandline tool to manage Service Catalog lifecycle and GCP Service Broker atop Kubernetes Cluster
Apache License 2.0

Create one service account per cluster instead of reusing the same SA #129

Closed maqiuyujoyce closed 6 years ago

maqiuyujoyce commented 6 years ago

Fixes #120

maqiuyujoyce commented 6 years ago

I refactored the commit based on the new comments in #120. Now the sc installer will create one service account for each cluster, and it will be able to create an idempotent experience for the users.

Since the cluster name is actually very long while the SA name has a maximum length of 30 characters, I decided to use an MD5 hash and base32 encoding to construct valid and unique SA names.

For existing users, a warning is printed when running sc remove-gcp-broker so that they will know about the deprecation of the service account _service-catalog-gcp@[projectid].iam.gserviceaccount.com.

One question is that: Can different users share the same cluster at the same time? If so, it might cause problems.

This change also fixes #125 and partially addresses #38. The second part of the problem for #38 is that if we keep running sc add-gcp-broker, we will get failures from the second time on. However, it won't stop new keys from being created. So do we want to remove the newly created keys when sc add-gcp-broker fails?
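The per-cluster naming scheme described above (MD5 of the cluster name, base32-encoded, fitted into the 30-character service account ID limit), written out as an added Go example. This is illustration code, not the sc installer's own implementation: the `sc-` prefix, the `ServiceAccountID`/`ServiceAccountEmail` function names and the validation regex are assumptions made here, and MD5 is used only as a deterministic name-derivation function, not for any security property.

```go
package main

import (
	"crypto/md5"
	"encoding/base32"
	"fmt"
	"regexp"
	"strings"
)

// saNamePrefix is an assumed prefix; the PR does not state the one the installer uses.
const saNamePrefix = "sc-"

// maxSAIDLen is the 30-character limit on GCP service account IDs mentioned in the PR.
const maxSAIDLen = 30

// saIDPattern approximates the GCP account ID rules (assumption): 6 to 30 characters,
// lowercase letters, digits and hyphens, starting with a letter, not ending with a hyphen.
var saIDPattern = regexp.MustCompile(`^[a-z][a-z0-9-]{4,28}[a-z0-9]$`)

// ServiceAccountID derives a stable service account ID from a cluster name.
// Two runs against the same cluster yield the same ID, which is what makes
// repeated sc add-gcp-broker invocations idempotent; distinct clusters yield
// distinct IDs because the full 128-bit digest is kept.
func ServiceAccountID(clusterName string) (string, error) {
	if clusterName == "" {
		return "", fmt.Errorf("cluster name must not be empty")
	}
	sum := md5.Sum([]byte(clusterName)) // 16 bytes
	// Unpadded base32 of 16 bytes is exactly 26 characters; lowercase it because
	// GCP IDs may not contain uppercase letters. 3 + 26 = 29 <= 30.
	enc := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])
	id := saNamePrefix + strings.ToLower(enc)
	if len(id) > maxSAIDLen {
		id = id[:maxSAIDLen]
	}
	if !saIDPattern.MatchString(id) {
		return "", fmt.Errorf("derived id %q violates service account naming rules", id)
	}
	return id, nil
}

// ServiceAccountEmail builds the full address in the form the PR's deprecation
// warning uses, <id>@<project>.iam.gserviceaccount.com.
func ServiceAccountEmail(projectID, clusterName string) (string, error) {
	id, err := ServiceAccountID(clusterName)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s@%s.iam.gserviceaccount.com", id, projectID), nil
}

func main() {
	// Constructed sample input in the shape of a GKE context name.
	cluster := "gke_my-project_us-central1-a_service-catalog-demo-cluster"
	email, err := ServiceAccountEmail("my-project", cluster)
	if err != nil {
		panic(err)
	}
	fmt.Println(email)
}
```

The check against `saIDPattern` is what turns a silent API rejection into a local error before any IAM call is made; because the prefix starts with a letter and base32 output is alphanumeric, the derived ID always satisfies the pattern, so the check mainly guards against future changes to the prefix or encoding.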

mihnjong commented 6 years ago

Please test this scenario:

(1) sc add-gcp-broker
(2) users delete the service account
(3) sc add-gcp-broker again

Another scenario:

(1) sc add-gcp-broker
(2) sc add-gcp-broker many times