Add 'secretmanager.versions.access' to Terraform service account to be able to set up Composer variables

[#4363]

Author: erikamov

iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf

@@ -232,6 +232,7 @@ resource "google_project_iam_member" "github-actions-terraform" {
     "roles/resourcemanager.projectIamAdmin",
     "roles/run.admin",
     "roles/storage.admin",
+    "roles/secretmanager.secretAccessor",
   ])
   role    = each.key
   member  = "serviceAccount:${google_service_account.github-actions-terraform.email}"

iac/cal-itp-data-infra/iam/us/project_iam_member.tf

@@ -558,7 +558,8 @@ resource "google_project_iam_member" "github-actions-terraform" {
     "roles/iam.workloadIdentityPoolAdmin",
     "roles/editor",
     "roles/storage.admin",
-    "roles/logging.configWriter"
+    "roles/logging.configWriter",
+    "roles/secretmanager.secretAccessor",
   ])
   role    = each.key
   member  = "serviceAccount:${google_service_account.github-actions-terraform.email}"