feat: json key scopes in ImpersonatedServiceAccountCredentials

[bshaffer]

b/450324042

ImpersonatedAccountCredentials now respect the scopes field in the ADC JSON file. The following example credentials file would configure the targetScopes to be in the JSON field (if and only if explicit user scopes were not supplied):

$ cat $APPLICATION_DEFAULT_CREDENTIALS
{
    "type":"impersonated_service_account",
    "service_account_impersonation_url": "https://iamcredentials.googleapis.com/...",
    "scopes": ["scopeA", "scopeB"],
    "source_credentials": {
        "client_email":"clientemail@clientemail.com",
        "private_key":"-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n",
        "type":"service_account",
    }
}

When not configured, the defaultScopes will be used. This can be done manually as well when instantiating the credentials:

use Google\Auth\Credentials\ImpersonatedServiceAccountCredentials;
$userScopes = ['my-scope'];
$defaultScopes = ['https://www.googleapis.com/auth/cloud-platform'];
$jsonKey = json_decode(file_get_contents('/path/to/mycredentials.json'));

// If $userScopes are supplied, they will be used
// otherwise the "scopes" field in the JSON key will be used.
// If that's empty, then the $defaultScopes are used.
$impersonatedCreds = new ImpersonatedServiceAccountCredentials($userScopes, $jsonKey, null, $defaultScopes);