Include cluster name in k8s Service Account name for Workload Identity

[grac3gao-zz]

Describe the bug
When enable Workload Identity, reconciler will create a k8s Service Account, the k8s SA's name is the same as corresponding Google Cloud Service Account.

knative-gcp/pkg/reconciler/identity/resources/service_account.go

Line 31 in 45d9dbd

func GenerateServiceAccountName(gServiceAccount string) string {

More details about reconciler logic for workload identity: https://github.com/google/knative-gcp/blob/master/docs/install/pubsub-service-account.md

It is better to make k8s SA use name like googleServiceAccount + cluster name.
We can use cluster, _ := metadata.InstanceAttributeValue("cluster-name") to get cluster name, and clusterName is also an optional value in ObjectMeta.

Expected behavior
Include cluster name in k8s Service Account name for Workload Identity

[grantr]

clusterName is also an optional value in ObjectMeta

Thanks for pointing this out @grac3gao! That gave me an idea that we should set this automatically in the webhook for all objects. Opened #735 for that.

[grantr]

/kind good-first-issue

[grac3gao-zz]

It would be better to fix #735 together with this issue. If #735 is fixed, which means all cloud run resources on GKE would have a default non-empty metadata.clusterName, then we can only use ObjectMeta.getClusterName() to get cluster name.