A user running Zuul in the Google cloud may want to use service
accounts to authenticate to Gerrit. Notably, the Gerrit project
itself operates in this manner. Therefore, add support for
using the default service account to access Gerrit.
It is also very likely that a user may not want to expose a
service account with Gerrit credentials to the executors.
Therefore, we can not assume that they will have access to the
same service account. Therefore if the gloud_service auth type
is specified for a Gerrit connection, we will only use anonymous
HTTP access for the git repositories.
This restriction is not ideal, and may be able to be removed later
if we find an out-of-band method of communicating a service account
token to the executor in a manner that would not make it available
to jobs running on it.
Change-Id: I02bc3219018278d517bc3ae6f1ac0be22ef7c0ed
b5a4d44645