feat: add GCP workload identity federation compatibility

[valkum]

We run our workloads in Google Cloud and thus need to identify with a workload identity provider. I noticed for the AWS counterpart there is special support with propagate-aws-auth-tokens.

This adds support for the gcp-workload-identity-federation plugin and works similar to the AWS token support. It will expose the env vars set by gcp-workload-identity-federation and mount the OIDC temp dir created by the plugin.

I wonder if in the future these can be more abstracted to avoid adding a setting for each cloud provider.