google-api-go-client
Enable mTLS and identity-bound tokens when using the Google API client libraries
Google client libraries use Application Default Credentials (ADC) to select credentials. When running in GCP, the default behaviour is to obtain a bearer token from the metadata service and present it over a TLS connection to Google APIs.
Security can be improved by integrating with S2A: a workload obtains an identity-bound token and uses it to talk to Google APIs over an mTLS connection, so the token is tied to the client identity presented on that connection rather than being a bearer credential that any holder could replay.
S2A is Google's Secure Session Agent, which is part of the cloud infrastructure.