rework infra setup

[weisertimo]

PR Description

This PR introduces the following changes to our GCP infrastructure:

• APIs: Enables Cloud Run, Artifact Registry, Cloud SQL, Secret Manager, Pub/Sub, BigQuery, IAM, Service Networking, and Compute APIs.
• IAM: Creates a dedicated service account and grants it necessary roles for Cloud SQL, Pub/Sub, and BigQuery.
• Secret Manager: Provisions secrets for session management and OAuth credentials with appropriate IAM bindings.
• Artifact Registry: Sets up a Docker repository with cleanup policies.
• BigQuery & Pub/Sub: Creates a BigQuery dataset and table, and a Pub/Sub topic/subscription that writes to BigQuery.
• Networking: Configures a VPC, subnetwork, managed SSL certificate (with environment suffix), firewall rules, and load balancer components.
• Cloud SQL: Provisions a PostgreSQL instance and creates a user with an auto-generated password.
• Cloud Run: Deploys a serverless Cloud Run service that connects to Cloud SQL, references secrets, and integrates with Pub/Sub.

Note: The OAuth client must be created manually in GCP.