Add Service Account User role to Github Actions service account

[ohrite]

Description

This PR is a follow-up to #4411, and completes the Cloud Run setup by adding the Service Account User role to the Github Actions service account, typically used to run Terraform in other repositories.

Resolves cal-itp/cal-bc#37

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation

How has this been tested?

terraform plan

Post-merge follow-ups

• No action required
• Actions required (specified below)

Monitor terraform apply

[github-actions]

Terraform plan in iac/cal-itp-data-infra-staging/iam/us

Plan: 2 to add, 0 to change, 0 to destroy.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+   create

Terraform will perform the following actions:

  # google_project_iam_member.github-actions-service-account["roles/iam.serviceAccountUser"] will be created
+   resource "google_project_iam_member" "github-actions-service-account" {
+       etag    = (known after apply)
+       id      = (known after apply)
+       member  = "serviceAccount:github-actions-service-account@cal-itp-data-infra-staging.iam.gserviceaccount.com"
+       project = "cal-itp-data-infra-staging"
+       role    = "roles/iam.serviceAccountUser"
    }

  # google_project_iam_member.github-actions-terraform["roles/iam.serviceAccountUser"] will be created
+   resource "google_project_iam_member" "github-actions-terraform" {
+       etag    = (known after apply)
+       id      = (known after apply)
+       member  = "serviceAccount:github-actions-terraform@cal-itp-data-infra-staging.iam.gserviceaccount.com"
+       project = "cal-itp-data-infra-staging"
+       role    = "roles/iam.serviceAccountUser"
    }

Plan: 2 to add, 0 to change, 0 to destroy.

📝 Plan generated in Terraform Plan #589