fix(auth): fix token signing service account email extraction

[lahirumaramba]

Description

This PR fixes a bug in the Firebase Admin SDK where generating custom tokens or signing bytes failed if the application was initialized using Workload Identity Federation / Application Default Credentials (ADC).

The Issue

Previously, the SDK was attempting to extract the service account email directly from options.credential?.serviceAccountCredentials?.email. However, when using ADC, the serviceAccountCredentials property is explicitly null. This resulted in the IAM signing layer lacking the necessary target principal to execute the signBlob API correctly.

The Fix

• app_extension.dart: Refactored the serviceAccountEmail getter to rely on options.credential?.serviceAccountId (which works for both Standard Service Accounts and ADC).
• Passed options.credential?.serviceAccountId directly to the underlying googleapis_auth library's client.sign method, ensuring that token generation requests are properly attributed to the target service account.

Note: This PR is dependent on the googleapis_auth library update that introduces the serviceAccountEmail parameter to AuthClientSigningExtension.sign. google/googleapis.dart#731

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[demolaf]

Hi @lahirumaramba , thanks for the PR!

We would have to wait for the changes in googleapis_auth to be published or temporarily make the below change until then.

+dependency_overrides:
+  googleapis_auth:
+    git:
+      url: https://github.com/google/googleapis.dart.git
+      ref: master
+      path: googleapis_auth
+