Give only the satellite API permission to view Google secrets (other satellite components, e.g. core, admin) should not be able to access Google secrets
new service account should have the following "role grants":
BigQuery Data Editor (to match the datascience service account eventkitd@storj-data-science-249814.iam.gserviceaccount.com currently linked to the satellite)
Secret Manager Secret Accessor (to support satellite managed encryption)
AC
BigQuery Data Editor
(to match the datascience service account eventkitd@storj-data-science-249814.iam.gserviceaccount.com currently linked to the satellite)Secret Manager Secret Accessor
(to support satellite managed encryption)