Use GCP metadata server and sign blob API for GCS cache url
What does this MR do?
Fixes #5018 (closed)
With this MR it is possible to use the gcp metadata server to get the current service account of the vm or the service account of the pod when running in GKE with workload identity. After this service account is known, it uses the iam sign blob api to create the signed cache urls.
I've also added docs for the new gcs cache config option and to make sure the serviceaccount that is used has the required permissions to use the sign blob api, this is taken from how gitlab itself does this when using object storage: https://docs.gitlab.com/ee/administration/object_storage.html#google-example-with-adc-consolidated-form
Why was this MR needed?
There was no support for the google cloud metadata server to generate gcs cache signed urls.
What's the best way to test this MR?
Create a vm on gcp with gitlab-runner installed(can be any runner executor that uses cache), apply the gcs cache config with only the BucketName
attribute and grant the required permissions to the serviceaccount.