fix(acm)!: prevent conflicts in IAM binding

[evenh]

When using both config sync and policy controller the existing binding resources conflicts with each other and causes a constant diff.

This PR will cause a diff in existing configurations, but when applying it should actually apply the the binding to both members resulting in the intended outcome and no further diffs.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[apeabody]

/gcbrun

[apeabody]

Thanks for the contribution @evenh, relevant output from LINT:

Running terraform fmt
modules/acm/creds.tf
--- old/modules/acm/creds.tf
+++ new/modules/acm/creds.tf
@@ -44,7 +44,7 @@
   role               = "roles/iam.workloadIdentityUser"
 
   members = [
-    for ksa in local.iam_ksa_binding_members :"serviceAccount:${var.project_id}.svc.id.goog[${ksa}]"
+    for ksa in local.iam_ksa_binding_members : "serviceAccount:${var.project_id}.svc.id.goog[${ksa}]"
   ]
 
   depends_on = [google_gke_hub_feature_membership.main]
Error: terraform fmt failed with exit code 3

[apeabody]

/gcbrun

[apeabody]

My suspicion is the failing INT is unrelated.

[evenh]

I don't have insight into the integration tests but I hope it is unrelated

[apeabody]

re-triggering CI

[apeabody]

Thanks for the contribution @evenh!