Add support for the metricsGcpServiceAccountEmail field in ConfigManagement Fleet-level default config (GoogleCloudPlatform#12681)

Author: terlar

mmv1/products/gkehub2/Feature.yaml

@@ -283,6 +283,9 @@ properties:
               - name: 'preventDrift'
                 type: Boolean
                 description: 'Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.'
+              - name: 'metricsGcpServiceAccountEmail'
+                type: String
+                description: 'The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.'
               - name: 'git'
                 type: NestedObject
                 description: 'Git repo configuration for the cluster'

mmv1/third_party/terraform/services/gkehub2/resource_gke_hub_feature_test.go.tmpl

@@ -579,6 +579,7 @@ resource "google_gke_hub_feature" "feature" {
         enabled = true
         prevent_drift = true
         source_format = "unstructured"
+        metrics_gcp_service_account_email = "[email protected]"
         oci {
           sync_repo = "us-central1-docker.pkg.dev/corp-gke-build-artifacts/acm/configs:latest"
           policy_dir = "/acm/nonprod-root/"