Add a new 'Permissions' API field to GCP provider spec. 'Permissions' is the list of GCP permissions required to create a more fine-grained custom role to satisfy the CredentialsRequest. When both 'Permissions' and 'PredefinedRoles' are specified, the service account should have a union of permissions from both the fields.