yup-oauth2

Support for workload identity federation

Open IvanUkhov opened this issue 2 years ago • 3 comments

Thank you very much for this handy crate! I am wondering what it would take to add support for workload identity federation. According to the documentation, GOOGLE_APPLICATION_CREDENTIALS used in ApplicationDefaultCredentialsAuthenticator can point at such a file instead of a file with a service account key.

IvanUkhov, Mar 11 '23 10:03

Thank you for the kind words! Unfortunately, by asking this question you already show that you know much more about this type of authentication than I do :-) Reading the docs didn't help a lot either (at first glance), as I am not very familiar with the specific feature or environments where one might use it.

However, may I suggest that you (if you have the time for it) explore the source code of yup-oauth2 a bit? Maybe you'll find a simple way to integrate this into the existing framework, in which case I'll happily take a PR. (At which point I hopefully know a bit more about this type of authentication.)

dermesser, Mar 29 '23 16:03

For inspiration, it is implemented here:

https://github.com/yoshidan/google-cloud-rust/tree/main/foundation/auth

One, however, would have to dig deeper and understand what is what.

IvanUkhov, Jun 07 '23 14:06

Workload Identity is currently the recommended authentication mechanism on Google Kubernetes Engine:

https://cloud.google.com/kubernetes-engine/docs/concepts/workload-identity#alternatives_to

IvanUkhov, Jun 07 '23 14:06