sops
Support GCPKMS login via OAuth token
We are using sops to decrypt sensitive data in a CI pipeline using GCPKMS. Currently we log into Google via a credentials file that gets inserted at GOOGLE_APPLICATION_CREDENTIALS. We'd like to move away from the credentials file in favour of OIDC login and a JWT token. However, sops does not appear to be picking up the credentials when gcloud logs in in this manner.
Would it be possible to check the environment for a GOOGLE_OAUTH_TOKEN variable or similar and then use it to pass a WithTokenSource option to the KMS service creation?
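A standard-library Go sketch of the environment lookup requested above, added here as an illustration and not taken from sops. `GOOGLE_OAUTH_TOKEN` is the hypothetical name from the issue, `bearerTransport`, `clientFromEnv` and `headerSeenBy` are names made up for the example, and a plain `http.RoundTripper` stands in for the `WithTokenSource` client option so the block runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
)

const tokenEnv = "GOOGLE_OAUTH_TOKEN" // name proposed in the issue; hypothetical

// bearerTransport attaches a pre-issued access token to every request.
type bearerTransport struct {
	token string
	base  http.RoundTripper
}

func (t bearerTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	r2 := r.Clone(r.Context()) // a RoundTripper must not modify the caller's request
	r2.Header.Set("Authorization", "Bearer "+t.token)
	return t.base.RoundTrip(r2)
}

// clientFromEnv returns (nil, nil) when unset; set-but-unusable is an error, not a fallback.
func clientFromEnv() (*http.Client, error) {
	raw, ok := os.LookupEnv(tokenEnv)
	if !ok {
		return nil, nil // caller keeps its existing credential lookup
	}
	if tok := strings.TrimSpace(raw); tok != "" && !strings.ContainsAny(tok, " \t\r\n") {
		return &http.Client{Transport: bearerTransport{tok, http.DefaultTransport}}, nil
	}
	return nil, fmt.Errorf("%s is set but is not a usable bearer token", tokenEnv)
}

// headerSeenBy sends one request to a local test server and returns the header it received.
func headerSeenBy(c *http.Client) (seen string) {
	srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen = r.Header.Get("Authorization")
	}))
	defer srv.Close()
	if resp, err := c.Get(srv.URL); err == nil {
		resp.Body.Close()
	}
	return seen
}

func main() {
	os.Setenv(tokenEnv, "constructed-sample-token") // constructed value, not a real token
	c, err := clientFromEnv()
	fmt.Println(headerSeenBy(c), err)
}
```

A token supplied this way is static: nothing refreshes it, so a job that outlives the token's lifetime will start failing on KMS calls.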