Description
Describe the bug
In the README/Google section there is no detail of which role in GCP is required for the service account. The linked Google documentation (https://developers.google.com/workspace/guides/create-credentials#google-cloud-console) states 'optionally assign roles to your service account to grant access to your cloud resources'. Then there is a section on assigning a role to the service account for the Google Admin access.
For ssosync to work the service account will need some permissions to both Google Cloud & Google Workspace. The documentation should provide this information.
To Reproduce
Read the README & observe the lack of detail on which roles to assign.
Expected behavior
README provides full details of roles required for Google Cloud & Google Workspace access, or, if not required, this should be stated.
Examples of how to test that you have the correct access set up would also be useful. The likely audience here is AWS customers who may not be running any workloads in GCP, so specific guidance on configuring appropriate access to sensitive APIs is important.
Additional context