The retries make debugging strictly more complex, and it's not clear
that retrying provides actual value. If we need retries in the future,
we should push them down into the per-API level.
This adds a new authentication mode, Direct Workload Identity
Federation. This new mode permits authenticating to Google Cloud
directly using the GitHub Actions OIDC token instead of proxying through
a Google Cloud Service Account.
This changes the default behavior to enable retries. Retry logic has
existed for awhile, but required direct user action to enable. This
enables 3 retries with a fibonacci backoff of 250ms by default to handle
transient communication errors with upstream APIs.
This allows users to opt-out of exporting environment variables. This might be helpful if they **don't** want future steps to be authenticated, or if the exported environment variables conflict with other values.
* Support id token generation
* Fix id_token_audience validation
* Add id_token_audience to test workflow
* Generate dist/index.js for id token support
