fix: grant compute.networkAdmin for Datastream SA by default

[dtsong]

Intend to fix: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/831

Per the docs, in a shared VPC context, the host project will need to grant compute.networkAdmin to the child project's Datastream service account to support private connectivity.

Source: https://cloud.google.com/datastream/docs/create-a-private-connectivity-configuration#before-you-begin

[google-cla[bot]]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[imrannayer]

@dtsong we dont assign admin permissions by default. Maybe we can add in variable definition that this is required for datastream.

[github-actions[bot]]

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days