Conversation

Contributor

@gorge511 gorge511 commented Nov 6, 2025

BREAKING CHANGE: Terraform will remove the IAM for the cloudservices service agent and return it on the next run. This can be avoided by removing all the duplicated IAM resources from the Terraform state manually.

The previous code was creating duplicated IAM for the cloudservices service agent. It doesn't matter when creating, but it matters when removing an API from the active APIs list. Then it removes all the IAM for the cloudservices service agent, and it gets fixed only with a subsequent terraform apply.

See the plan below with two active APIs. It creates two identical iam_member resources.

# module.shared_vpc_access.google_compute_subnetwork_iam_member.cloudservices_shared_vpc_subnet_users[0] will be created
+ resource "google_compute_subnetwork_iam_member" "cloudservices_shared_vpc_subnet_users" {
    + etag       = (known after apply)
    + id         = (known after apply)
    + member     = "serviceAccount:[email protected]"
    + project    = "my-host-project-1234"
    + region     = "europe-west1"
    + role       = "roles/compute.networkUser"
    + subnetwork = "subnet1"
  }
# module.shared_vpc_access.google_compute_subnetwork_iam_member.cloudservices_shared_vpc_subnet_users[1] will be created
+ resource "google_compute_subnetwork_iam_member" "cloudservices_shared_vpc_subnet_users" {
    + etag       = (known after apply)
    + id         = (known after apply)
    + member     = "serviceAccount:[email protected]"
    + project    = "my-host-project-1234"
    + region     = "europe-west1"
    + role       = "roles/compute.networkUser"
    + subnetwork = "subnet1"
  }

@gorge511 gorge511 requested review from a team and imrannayer as code owners November 6, 2025 21:12
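As an added illustration (not the module's or the author's code), the shape of the duplication described in the PR beside one deduplicated form. `var.active_apis`, `local.cloudservices_sa`, `local.per_api_members` and the service-account placeholder are assumed names and sample values, not taken from the module.

```hcl
# Added example, not the module's code. Names and values are assumed.
variable "active_apis" {
  type    = list(string)
  default = ["container.googleapis.com", "dataproc.googleapis.com"]
}

locals {
  # Assumed: every active API needs the same Cloud Services agent on the
  # subnet, so building one element per API repeats an identical member.
  cloudservices_sa = "serviceAccount:PROJECT_NUMBER@cloudservices.gserviceaccount.com" # placeholder
  per_api_members  = [for api in var.active_apis : local.cloudservices_sa]
}

# Before: count over a list of repeated members creates [0], [1], ... that all
# bind the same member to the same role. Dropping one API shrinks the count and
# Terraform destroys the last index; in GCP that removes the member from the
# role entirely, so the grant that index [0] still claims is gone too and only
# the next apply (drift detected) recreates it.
resource "google_compute_subnetwork_iam_member" "duplicated" {
  count      = length(local.per_api_members)
  project    = "my-host-project-1234"
  region     = "europe-west1"
  subnetwork = "subnet1"
  role       = "roles/compute.networkUser"
  member     = local.per_api_members[count.index]
}

# After: key the resource by the unique member. Any number of active APIs yields
# exactly one binding, and adding or removing an API no longer touches it.
# Note the state address changes from [N] to ["<member>"], which is why the
# switch shows up as a destroy/create unless the old entries are moved or
# removed from state first.
resource "google_compute_subnetwork_iam_member" "deduplicated" {
  for_each   = toset(local.per_api_members)
  project    = "my-host-project-1234"
  region     = "europe-west1"
  subnetwork = "subnet1"
  role       = "roles/compute.networkUser"
  member     = each.value
}
```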