Add warning notes for field loginHint and gcipSettings in IAP Settings. (#12678)

Author: bryan0515

mmv1/products/iap/Settings.yaml

@@ -74,6 +74,7 @@ properties:
         type: NestedObject
         description: |
           GCIP claims and endpoint configurations for 3p identity providers.
+          * Enabling gcipSetting significantly changes the way IAP authenticates users. Identity Platform does not support IAM, so IAP will not enforce any IAM policies for requests to your application.
         properties:
           - name: 'tenantIds'
             type: Array
@@ -114,6 +115,7 @@ properties:
               (https://developers.google.com/identity/protocols/OpenIDConnect#hd-param)
               Note: IAP does not verify that the id token's hd claim matches this value
               since access behavior is managed by IAM policies.
+              * loginHint setting is not a replacement for access control. Always enforce an appropriate access policy if you want to restrict access to users outside your domain.
           - name: 'programmaticClients'
             type: Array
             description: |