use cloud run bindings for cf v2 invoker role, refactor iam handling in cf v2 and cloud run (#1609)

tests/modules/cloud_function_v2/examples/iam.yaml

@@ -13,17 +13,37 @@
 # limitations under the License.
 
 values:
-  module.cf-http.google_cloudfunctions2_function_iam_binding.default["roles/cloudfunctions.invoker"]:
-    cloud_function: test-cf-http
+  module.cf-http.google_cloud_run_service_iam_binding.invoker[0]:
     condition: []
     location: europe-west1
     members:
     - allUsers
     project: my-project
-    role: roles/cloudfunctions.invoker
+    role: roles/run.invoker
+    service: test-cf-http
+  module.cf-http.google_cloudfunctions2_function.function: {}
+  module.cf-http.google_storage_bucket_object.bundle:
+    bucket: test-cf-bundles
+    cache_control: null
+    content: null
+    content_disposition: null
+    content_encoding: null
+    content_language: null
+    customer_encryption: []
+    detect_md5hash: different hash
+    event_based_hold: null
+    metadata: null
+    name: bundle-6f1ece136848fee658e335b05fe2d79d.zip
+    source: bundle.zip
+    temporary_hold: null
+    timeouts: null
 
 counts:
+  google_cloud_run_service_iam_binding: 1
   google_cloudfunctions2_function: 1
   google_storage_bucket_object: 1
   modules: 1
   resources: 3
+
+outputs: {}
+