feat!: Deduplicate IAM for cloudservices service agent

[gorge511]

BREAKING CHANGE: Terraform will remove the IAM for cloudservices service agent and return it on the next run. Can be avoided with removing all the duplicated IAM resources from terraform state manually.

Previous code was creating duplicated IAM for cloudservices service agent. It doesn't matter when creating, but it matters when removing api from active apis list. Then it remove all the IAM for the cloudservices service agent and it gets fixed only with subsequent terraform apply.

See the plan below with two active apis. It creates two identical iam_member resources.

# module.shared_vpc_access.google_compute_subnetwork_iam_member.cloudservices_shared_vpc_subnet_users[0] will be created
+ resource "google_compute_subnetwork_iam_member" "cloudservices_shared_vpc_subnet_users" {
    + etag       = (known after apply)
    + id         = (known after apply)
    + member     = "serviceAccount:1234567890@cloudservices.gserviceaccount.com"
    + project    = "my-host-project-1234"
    + region     = "europe-west1"
    + role       = "roles/compute.networkUser"
    + subnetwork = "subnet1"
  }
# module.shared_vpc_access.google_compute_subnetwork_iam_member.cloudservices_shared_vpc_subnet_users[1] will be created
+ resource "google_compute_subnetwork_iam_member" "cloudservices_shared_vpc_subnet_users" {
    + etag       = (known after apply)
    + id         = (known after apply)
    + member     = "serviceAccount:1234567890@cloudservices.gserviceaccount.com"
    + project    = "my-host-project-1234"
    + region     = "europe-west1"
    + role       = "roles/compute.networkUser"
    + subnetwork = "subnet1"
  }

[github-actions]

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

[gorge511]

Hi @imrannayer, can you please check this PR?