auth-provider-gcp: support using alternate credentials

[theobarberbany]

Currently, as far as I can tell,auth-provider-gcp only supports using the default gcp service account attached to the GCE VM. (https://github.com/kubernetes/cloud-provider-gcp/blob/master/pkg/gcpcredential/gcpcredential.go#L171-L226).

It would be great to additional authentication methods when making credentials requests, e.g support service account impersonation, or passing GOOGLE_APPLICATION_CREDENTIALS. This is because we have a use case where we don't want to provide credentials via roles attached to the default service account.

It looks like the CredentialProviderConfig allows for either passing args, or env vars: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/

If this is something the project would be open to, I'd be happy to work on it!

[k8s-ci-robot]

This issue is currently awaiting triage.

If the repository mantainers determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[elmiko]

cc @cheftako could use your advise on this one

talking about this at sig meeting today, we agree that this sounds reasonable, @cheftako will followup with maintainers. just a note, @theobarberbany is willing to followup with a PR for this if we agree about making the changes.