idtoken: simplify usage of `authorized_user` user credentials

[howardjohn]

Is your feature request related to a problem? Please describe.
I would like to support authorized_user and other methods of obtaining an idtoken. However, with the standard flow this fails with authorized_user, use idtoken::user_account::Builder directly.. But, If I want to use user_account::Builder , I need to get the authorized_user json value. The library uses load_adc for this, but htis is a private method.

This means in order to do this, I need to re-implement load_adc.

Describe the solution you'd like
Allow a method to do this automatically for me, or at least expose a mechanism to read the authorized_user json value from ADC

Describe alternatives you've considered
Copy+paste the private code

Additional context
Add any other context or screenshots about the feature request here.

[alvarowolfx]

thanks for the report @howardjohn. The issue of supporting authorized_user credentials via ADC, is that user credentials don't support setting an audience (the audience is always the client_id basically), which is one of main points of generating id tokens. That could lead to some confusion since the expectation could be that those id tokens generated from such IdTokenCredential is gonna be for the given audience that was set, which is not gonna be the case if there is a user credential in ADC. Our recommendation when developing a feature locally and you have ADC set with user credentials, you can use impersonation, so your ADC cred will be able to work with id tokens and setting the audience.

$ gcloud auth application-default login --impersonate-service-account {service-account-id}@{project-id}.iam.gserviceaccount.com

[howardjohn]

Yeah it makes sense to me its not implicitly allowed, but in order to use authorized_user idtokens you basically need to re-implement all of the ADC parsing. So it would be nice to at least allow a way to do that with the library.