feat: Support scopes from impersonated JSON

[sai-sunder-s]

Description

scopes field is a recent addition to the impersonated credential json. Example JSON:

{
  "delegates": [],
  "scopes": [
    "https://www.googleapis.com/auth/drive"
  ],
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-account-email@project-name.iam.gserviceaccount.com:generateAccessToken",
  "source_credentials": {
    "client_id": "oauth_client_id",
    "client_secret": "oauth_client_secret",
    "refresh_token": "user_refresh_token",
    "type": "authorized_user",
    "universe_domain": "googleapis.com"
  },
  "type": "impersonated_service_account"
}

This json is generated from gcloud auth application-default login --impersonate-service-account <sa_email> --scopes <list of scopes>.

When user generates a json with scopes, they expect it to be used for the impersonated token, unless a different scope is requested through code.

Impact

scopes field will be honored.

Testing

Unit tests added for coverage

Checklist

• Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
• Ensure the tests and linter pass
• Code coverage does not decrease
• Appropriate docs were updated
• Appropriate comments were added, particularly in complex areas or places that require background
• No new warnings or issues will be generated from this change

Fixes #issue_number_goes_here 🦕