1. Proposed title of this feature request
Workload identity to support GCS bucket

2. What is the nature and description of the request?
Right now Quay is pushing images to the GCS bucket via HMAC keys and the request is to support Workload identity, so that authentication will be handled through short-living tokens.

3. Why does the customer need this? (List the business requirements here)
Per the customer's organization policy they need to leverage zero trust capabilities of GCP were available, not being able to use WIF would force the customer to create GCP service accounts keys, and/or HMAC keys, thus we are blocked from moving forward with deploying Red Hat Quay.

4. List any affected packages or components.
Quay
WIF

https://cloud.google.com/iam/docs/workload-identity-federation
https://docs.openshift.com/container-platform/4.10/authentication/understanding-identity-provider.html