feat: Turn on CloudIdentityMembership direct controller

[gemmahou]

Change description

Based off of #4814, turn on CloudIdentityMembership direct controller

Special notes for your reviewer:

Test I've done:

• E2E test to verify there's no changes to the created resource, after the switch from DCL to direct: CloudIdentity Sci-fi migration test coverage one-pager

• PR to add comments and additional scenarios test to CloudIdentityMembership: tests: Add comments to CloudIdentity scenarios tests #4835

CloudIdentityMembership is considered a 'Important' tier in Joyce's analysis, so we have test coverage for all fields in our fixtures test, dynamic test and acquisition in our scenarios test.

Does this PR add something which needs to be 'release noted'?

## Reconciliation Improvements

* [`CloudIdentityMembership`](https://cloud.google.com/config-connector/docs/reference/resource-docs/cloudidentity/cloudidentitymembership)

    * All CloudIdentityMembership types are now reconciled using the new direct controller (instead of the legacy DCL-based controller). The previous "opt-in" annotation (documented [here](https://github.com/GoogleCloudPlatform/k8s-config-connector/blob/master/docs/features/optin.md)) no longer applies. Users no longer need to apply the "opt-in" annotation to CloudIdentityMembership resources to enable the direct controller. Regardless of the presence (or absence) of an opt-in annotation on CloudIdentityMembership resources, the direct reconciler will be used.

• Reviewer reviewed release note.

Additional documentation e.g., references, usage docs, etc.:

Intended Milestone

Please indicate the intended milestone.

• Reviewer tagged PR with the actual milestone.

Tests you have done

• Run make ready-pr to ensure this PR is ready for review.
• Perform necessary E2E testing for changed resources.

[acpana]

This LGTM! I don't have as much context as @yuwenma but I'd say to keep an eye on the postsubmits 💯

/lgtm
/approve

(happy yo re-lgtm if you need to rebase) 📚

[yuwenma]

can we add the test to verify existing TF-based CloudIdentityMembership can smoothly migrate to the direct approach (without any user actions)

[gemmahou]

can we add the test to verify existing TF-based CloudIdentityMembership can smoothly migrate to the direct approach (without any user actions)

Yeah I also added this doc in the PR description: https://docs.google.com/document/d/1zaR2XNbG9Fw81TSuOpzmtowoyHj0YZfvc06ezgHWXFk/edit?resourcekey=0-h8xZEMPhxDBK73Fc4PB1KQ&tab=t.0#heading=h.yhpu0rq5gyd7

[yuwenma]

/lgtm

[yuwenma]

/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: acpana, yuwenma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [yuwenma]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment