Documentation recommends creating Google Cloud Service account keys and passing the key to createResellerService[1]. This appears not to be best practice from a security perspective[2]. Are there other keyless authentication options like Workload ID ...