Add GCP OIDC token exchange for Google Artifact Registry

Add Google Artifact Registry as the fifth OIDC provider in the
Dependabot proxy, alongside Azure DevOps, AWS CodeArtifact, JFrog,
and Cloudsmith.

Token exchange flow:
- GitHub Actions OIDC JWT → Google STS token exchange
- Optional IAM Credentials generateAccessToken impersonation
  (when service-account is configured)
- Direct Workload Identity Federation when no service-account is present

Auth injection:
- Authorization: Bearer for most registry types (Maven, npm, Python, etc.)
- Basic oauth2accesstoken:<token> for Docker hosts (*-docker.pkg.dev)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: kbukum1