Allow IAP configuration with default IdP

Load balancers can be configured with IAP-enabled backends.
They can either be configured to use external Identity Providers (IdP)
or to use Cloud Identity. The latter is the default and is used when
the OAuth2 parameters are not specified.

The iap_config parameter in the backend_service_configs variable
already supported the external IdP option, but did not support the
default one.

modules/net-lb-app-ext/variables-backend-service.tf

@@ -98,8 +98,8 @@ variable "backend_service_configs" {
       }))
     }))
     iap_config = optional(object({
-      oauth2_client_id            = string
-      oauth2_client_secret        = string
+      oauth2_client_id            = optional(string)
+      oauth2_client_secret        = optional(string)
       oauth2_client_secret_sha256 = optional(string)
     }))
     locality_lb_policies = optional(list(object({