- Feature Request
- Resolution: Unresolved
- Normal
- Product / Portfolio Work
1. Proposed title of this feature request
Support Custom KMS Keys shared from other projects
2. What is the nature and description of the request?
When provisioning an OSD cluster on GCP, we currently accept a Custom KMS key, but that key must belong to the same GCP project as the one in which the cluster's VMs are deployed.
Instead, we should correctly handle the case where the key is shared from a different project.
3. Why does the customer need this? (List the business requirements here)
Customers need key sharing for the same reason they need VPC sharing: to centralize governance of keys in a single project. Such governance includes policy, auditing, and automation, to ensure compliance.
When a customer, especially one with a large cloud footprint, has standardized key sharing as part of their compliance controls, they are often unable to make exceptions for one-off keys in individual projects for something like OSD. Such customers are blocked from using OSD completely.
4. List any affected packages or components.
Per ckandaga, at minimum the preflight checks in OCM currently need to be changed. Beyond that, the change ripples into Hive, the OCP installer, and the various layers of OCP that provision machines and nodes. It is unclear whether all of them support keys shared from other projects.
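To make the preflight change in items 2 and 4 concrete, the following Go program is an added illustration, not code from OCM, Hive or the installer. It parses a Cloud KMS CryptoKey resource name and contrasts a check that rejects any key outside the cluster project (the current behaviour described above) with one that accepts a shared key but still validates what the cluster can verify offline: the name is well-formed and the key's location matches the cluster region. The function names, the sample project and key names, and the location rule (same region as the cluster, or `global`) are assumptions made for this example; the IAM grant a cross-project key needs is only reported, since it cannot be checked without calling the KMS API.

```go
package main

import (
	"fmt"
	"regexp"
)

// KMSKeyRef is the parsed form of a Cloud KMS CryptoKey resource name:
// projects/{project}/locations/{location}/keyRings/{ring}/cryptoKeys/{key}
type KMSKeyRef struct {
	Project  string
	Location string
	KeyRing  string
	Key      string
}

var kmsKeyNameRE = regexp.MustCompile(
	`^projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)$`)

// ParseKMSKeyName validates the resource-name shape and splits it into fields.
func ParseKMSKeyName(name string) (KMSKeyRef, error) {
	m := kmsKeyNameRE.FindStringSubmatch(name)
	if m == nil {
		return KMSKeyRef{}, fmt.Errorf("malformed KMS key name %q", name)
	}
	return KMSKeyRef{Project: m[1], Location: m[2], KeyRing: m[3], Key: m[4]}, nil
}

// locationUsable models the location rule assumed for this example: the key must
// live in the cluster's region, or in the "global" location.
func locationUsable(ref KMSKeyRef, clusterRegion string) bool {
	return ref.Location == clusterRegion || ref.Location == "global"
}

// PreflightSameProjectOnly reproduces the current restriction: a key in any
// project other than the cluster project is rejected outright.
func PreflightSameProjectOnly(clusterProject, clusterRegion, keyName string) error {
	ref, err := ParseKMSKeyName(keyName)
	if err != nil {
		return err
	}
	if ref.Project != clusterProject {
		return fmt.Errorf("KMS key project %q does not match cluster project %q",
			ref.Project, clusterProject)
	}
	if !locationUsable(ref, clusterRegion) {
		return fmt.Errorf("KMS key location %q not usable from region %q",
			ref.Location, clusterRegion)
	}
	return nil
}

// PreflightSharedKey is the requested behaviour: a key from another project is
// accepted, the checks that can be done offline still run, and the caller is
// told whether the key is cross-project so the IAM follow-up can be surfaced.
func PreflightSharedKey(clusterProject, clusterRegion, keyName string) (KMSKeyRef, bool, error) {
	ref, err := ParseKMSKeyName(keyName)
	if err != nil {
		return KMSKeyRef{}, false, err
	}
	if !locationUsable(ref, clusterRegion) {
		return KMSKeyRef{}, false, fmt.Errorf("KMS key location %q not usable from region %q",
			ref.Location, clusterRegion)
	}
	crossProject := ref.Project != clusterProject
	return ref, crossProject, nil
}

func main() {
	// Constructed sample: a central key-governance project shares a key with
	// the project that will host the cluster's VMs.
	const clusterProject, clusterRegion = "osd-prod-example", "us-east1"
	const sharedKey = "projects/kms-central-example/locations/us-east1/keyRings/osd/cryptoKeys/vm-disks"

	fmt.Println("same-project-only check:", PreflightSameProjectOnly(clusterProject, clusterRegion, sharedKey))

	ref, cross, err := PreflightSharedKey(clusterProject, clusterRegion, sharedKey)
	fmt.Printf("shared-key check: ref=%+v crossProject=%v err=%v\n", ref, cross, err)
	if cross && err == nil {
		// The grant itself must be verified against the key's project via the
		// KMS IAM API; a preflight check can only name what is required.
		fmt.Printf("follow-up: the Compute Engine service agent of %s needs "+
			"roles/cloudkms.cryptoKeyEncrypterDecrypter on %s\n", clusterProject, sharedKey)
	}
}
```

The point of the split is that the existing project-equality test conflates two questions: whether the key is well-formed and reachable from the region, which the cluster can decide locally, and whether the VMs' service identity is allowed to use it, which only the key's project can answer. Relaxing the first without losing the second is what the preflight change needs to do.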