When trying to use the CICD GitHub Action workflow to run any phase without having run it initially, and therefore without an existing TF state file, you will get a permission denied error.
This is because the TF state file has never been created, and the Terraform Plan workflow uses a service account which does not have permission to create the file.
We need to either advise users that they must manually run each phase at least once before switching to the GitHub Action CICD workflow, or grant the '-r' service account permission to create the TF state bucket.
Environment
1.7.4
output from `git rev-parse --short HEAD`
To Reproduce
Create a repo for the networking or security phase and populate the code without running Terraform locally.
Add it to resman's cicd_repositories variable.
Add the generated workflow files to the networking or security repo's .github/workflows directory.
Create a PR to trigger a TF plan build; you will see the error above.
Expected behavior
Either document that the CICD workflow cannot be run without first manually running Terraform init locally with a user/service account that can create the TF state file, or find an alternate solution to pre-populate an empty TF state file during resman CICD initialization.
Result
writing "gs://<prefix>-prod-resman-net-0/default.tflock" failed: googleapi: Error 403: <prefix>-prod-resman-net-0r@<prefix>-prod-iac-core-0.iam.gserviceaccount.com does not have storage.objects.create access to the Google Cloud Storage object. Permission 'storage.objects.create' denied on resource (or it may not exist)., forbidden
Additional context
This issue affects all phases that use a read-only service account to run TF plan before the state file has been created.