leap, m2lines: Bucket public access update #2751

Merged on Jul 3, 2023 (3 commits)

@GeorgianaElena GeorgianaElena commented Jul 3, 2023

This allows specifying bucket public access as a hub_cloud_permissions attribute to be consistent.

Also switches from google_storage_default_object_access_control to the google_storage_bucket_access_control resource for bucket public access.

I think the difference between the two resources is why #2732 didn't do what it should. The google_storage_default_object_access_control says that it's applied to a new object within a Google Cloud Storage bucket when no ACL was provided for that object, but the bucket and objects that were meant to be made public already existed and had an ACL defined for them. Hopefully this fixes it.

Todo:

  • update public buckets docs

Fixes #2696

terraform plan output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  - destroy

Terraform will perform the following actions:

  # google_storage_bucket_access_control.public_rule["prod.persistent-ro"] will be created
  + resource "google_storage_bucket_access_control" "public_rule" {
      + bucket = "leap-persistent-ro"
      + domain = (known after apply)
      + email  = (known after apply)
      + entity = "allUsers"
      + id     = (known after apply)
      + role   = "READER"
    }

  # google_storage_default_object_access_control.public_rule["persistent-ro"] will be destroyed
  # (because google_storage_default_object_access_control.public_rule is not in configuration)
  - resource "google_storage_default_object_access_control" "public_rule" {
      - bucket       = "leap-persistent-ro" -> null
      - entity       = "allUsers" -> null
      - generation   = 0 -> null
      - id           = "leap-persistent-ro/allUsers" -> null
      - project_team = [] -> null
      - role         = "READER" -> null
    }

Plan: 1 to add, 0 to change, 1 to destroy.

@GeorgianaElena GeorgianaElena requested a review from a team as a code owner July 3, 2023 08:08
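
A check a reviewer could run on the plan above before applying it, as an added example that is not part of this pull request or the project's code: it reads Terraform's JSON plan (`terraform show -json`) and reports every ACL change involving `allUsers` or `allAuthenticatedUsers`, labelled with the scope the PR description attributes to each resource type. The function name, the sample plan and its third entry are constructed for illustration.

```python
import json
import sys

PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}
# What each ACL resource type covers (the distinction drawn in the PR description).
SCOPE = {
    "google_storage_bucket_access_control": "bucket ACL",
    "google_storage_default_object_access_control":
        "default ACL for new objects created without one",
}

def public_acl_changes(plan):
    """List ACL resource changes in a Terraform JSON plan that add or remove a public entity."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") not in SCOPE or change.get("actions") == ["no-op"]:
            continue
        # "before" is null on create and "after" is null on destroy.
        before, after = change.get("before") or {}, change.get("after") or {}
        if after.get("entity") in PUBLIC_ENTITIES:
            effect, state = "grants", after
        elif before.get("entity") in PUBLIC_ENTITIES:
            effect, state = "revokes", before
        else:
            continue
        findings.append({"address": rc["address"], "effect": effect,
                         "scope": SCOPE[rc["type"]], "bucket": state.get("bucket"),
                         "entity": state["entity"], "role": state.get("role")})
    return findings

# Constructed sample shaped like `terraform show -json` output for the plan above;
# the third entry (a non-public grant) is invented for contrast.
def _rc(rtype, key, actions, before, after):
    return {"address": f'{rtype}.public_rule["{key}"]', "type": rtype,
            "change": {"actions": actions, "before": before, "after": after}}

_PUBLIC = {"bucket": "leap-persistent-ro", "entity": "allUsers", "role": "READER"}
SAMPLE_PLAN = {"resource_changes": [
    _rc("google_storage_bucket_access_control", "prod.persistent-ro", ["create"], None, _PUBLIC),
    _rc("google_storage_default_object_access_control", "persistent-ro", ["delete"], _PUBLIC, None),
    _rc("google_storage_bucket_access_control", "example", ["create"], None,
        {"bucket": "example-bucket", "entity": "user-someone@example.com", "role": "READER"}),
]}

if __name__ == "__main__":
    # With a path argument, read real `terraform show -json <planfile>` output instead.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for f in public_acl_changes(plan):
        print("{effect} {entity} {role} via {scope}: {address}".format(**f))
```
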
@sgibson91 sgibson91 left a comment

LGTM - would be good to add some docs for this as well

@GeorgianaElena GeorgianaElena merged commit 8a9a1ba into 2i2c-org:master Jul 3, 2023
@GeorgianaElena GeorgianaElena deleted the pub-acc branch July 3, 2023 10:57
Successfully merging this pull request may close these issues.

leap: Change existing bucket permissions to make it public