Configure Cirrus CI as workload identity provider to avoid quarterly GCP key renewal #114916

@keyonghan

With cirruslabs/cirrus-ci-docs#979 being supported from Cirrus, we should be unblocked to enable workload identity federation. This will enable our workloads to access Google Cloud resources without using a service account key, which needs renewal every 3 months.

Doc to configure Cirrus CI as an identity provider: https://github.com/cirruslabs/cirrus-ci-docs/blob/master/docs/guide/supported-computing-services.md#workload-identity-federation
Google Cloud doc: https://cloud.google.com/iam/docs/workload-identity-federation#impersonation

After that, we need to update the gcp_credentials in different repositories' .cirrus.yaml.

Labels

P1 (High-priority issues at the top of the work list), team-infra (Owned by Infrastructure team)

Status

Done
