nix-community / nixops-gce

NixOps Google Cloud Backend

New serviceAccount resource #6

Open tewfik-ghariani opened 4 years ago

tewfik-ghariani commented 4 years ago

Instead of specifying a pre-defined serviceAccount email, we can add a new resource for that and have the user specify the scopes; then it would get generated as part of the deployment itself.

This would be similar to IAM roles in EC2.

Not sure about the technical feasibility; that's why I submitted an issue to discuss this first.

AmineChikhaoui commented 3 years ago

@tewfik-ghariani Looking at my notes from a few years ago, the reason that I didn't go ahead and implement it at the time is that service account creation by itself isn't an issue, but you need to change the project IAM policy to allow the service account to access/modify resources. That last part was a bit dangerous and would require a more careful implementation, as we need to make sure not to accidentally override the existing policy and lock ourselves out of the project.
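The lock-out risk described in the comment above comes from `setIamPolicy` replacing the whole project policy with whatever is sent. The following is an added illustration, not nixops-gce code, of the read-modify-write shape a resource like this would need: merge the new binding into the policy returned by `getIamPolicy` (keeping its `etag`), and refuse the update if the deploying principal would lose `roles/owner`. The policy, etag, member names and the `DEPLOYER` identity are constructed sample values.

```python
import copy

OWNER_ROLE = "roles/owner"

def add_binding(policy, role, member):
    """Copy of `policy` with `member` granted `role`; all existing
    bindings and the etag (GCP's concurrency token) are kept."""
    new_policy = copy.deepcopy(policy)
    bindings = new_policy.setdefault("bindings", [])
    for binding in bindings:
        if binding["role"] == role and "condition" not in binding:
            if member not in binding["members"]:
                binding["members"].append(member)
            return new_policy
    bindings.append({"role": role, "members": [member]})
    return new_policy

def members_with_role(policy, role):
    return {m for b in policy.get("bindings", [])
            if b["role"] == role for m in b["members"]}

def check_no_lockout(old_policy, new_policy, deployer):
    """Raise if `deployer` held roles/owner before but would not after."""
    if (deployer in members_with_role(old_policy, OWNER_ROLE)
            and deployer not in members_with_role(new_policy, OWNER_ROLE)):
        raise RuntimeError(f"refusing update: {deployer} would lose {OWNER_ROLE}")
    return True

# Constructed sample of what projects.getIamPolicy returns (fields trimmed).
DEPLOYER = "user:deployer@example.com"
SAMPLE_POLICY = {
    "etag": "BwXconstructedEtag=",
    "bindings": [
        {"role": OWNER_ROLE, "members": [DEPLOYER]},
        {"role": "roles/viewer", "members": ["group:auditors@example.com"]},
    ],
}
NEW_SA = "serviceAccount:machine-sa@example-project.iam.gserviceaccount.com"

def safe_update(policy, role, member, deployer=DEPLOYER):
    new_policy = add_binding(policy, role, member)   # merge, don't replace
    check_no_lockout(policy, new_policy, deployer)
    return new_policy                                # ready for setIamPolicy

def unsafe_update(policy, role, member, deployer=DEPLOYER):
    # The mistake the comment warns about: a policy holding only the new
    # binding would wipe every existing binding, owner included.
    new_policy = {"etag": policy["etag"],
                  "bindings": [{"role": role, "members": [member]}]}
    check_no_lockout(policy, new_policy, deployer)
    return new_policy
```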