Move Calendar API to 100% service account usage

[jay0lee]

Today some Calendar commands use admin credentials / oauth2.txt while others use service account DwD / oauth2service.json. There's some history behind this, Calendar has always been somewhat unique among Google services because super admins always have full access to all calendars. That's not the case OOB for Drive or Gmail. However, for consistency and simplification, GAM really should just use one or the other and DwD is the more consistent approach. Today looking at a few numbers:

$ cat gam/__init__.py | grep "buildGAPIObject(API.CALENDAR" | wc -l
9
$ cat gam/__init__.py | grep "buildGAPIServiceObject(API.CALENDAR" | wc -l
4

So I think we should just move those 9 buildGAPIObject calls to be buildGAPIServiceObject. However if someone feels strongly we could look for a way to move all 13 to allow settings to decide whether to use DwD or admin credentials. That could be a great deal of work though.

Thinking longer term:

• Calendar API recently added more granular scopes. Ideally GAM would support these scopes and allow GAM admins to follow "principal of least privilege" - they only need to grant GAM the exact permissions it needs to do the job(s) they want. GAM shouldn't require broad permissions when at least some commands will work with more narrow permissions and scopes. This will be tracked in a separate issue.
• If we decide to move all commands to using buildGAPIServiceObject DwD exclusiviely we should remove the Calendar scope from admin credential oauth2.txt list.