tests(iam-admin): add 90s warmup delay to prevent service account creation race condition

[blakeli0]

This PR addresses a transient propagation race condition in the java-iam-admin module's Terraform setup.

│ Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to
│ module.java_iam_admin.google_service_account.service_account, provider
│ "provider[\"registry.terraform.io/hashicorp/google\"]" produced an
│ unexpected new value: Root object was present, but now absent.
│ 

See the error log for details.

Previously, the google_service_account.service_account resource directly depended on the google_project_service.iam API activation without any warmup sleep. Since the IAM API activation requires global directory replication and backend propagation inside GCP, immediately attempting to create a service account after API activation frequently caused a transient "Provider produced inconsistent result" failure during terraform apply.

This fix adds a 90-second warmup delay (time_sleep) right after enabling the iam.googleapis.com service and before creating the service account. This matches the established best practices already utilized by other modules in this monorepo (like java-tasks, java-texttospeech, java-notification, and java-asset).

Verification

• Multi-module test suite runs this step in parallel, so the 90s sleep will be fully absorbed by other parallel 90s sleeps and will not increase multi-module test/release build execution time.
• Fixes the flakiness observed on release and monorepo presubmit runs.

[gemini-code-assist]

Code Review

This pull request introduces a 90-second delay using a time_sleep resource after enabling the IAM API to ensure it is fully operational before the service account is created. Feedback suggests adding a conditional count to the time_sleep resource so the delay only occurs when the API is actually being enabled by the Terraform configuration, preventing unnecessary wait times when the API is already active.

[gemini-code-assist]

The time_sleep resource should only be active when the IAM API is being enabled by this Terraform configuration. As currently implemented, it will introduce a 90-second delay during the initial terraform apply even if should_enable_apis_on_apply is set to false. Adding a count to match the google_project_service.iam resource ensures the delay only occurs when the API is actually being managed and enabled here.

resource "time_sleep" "for_90s_allowIamToFullyEnable" {
  count           = var.inputs.should_enable_apis_on_apply ? 1 : 0
  depends_on      = [google_project_service.iam]
  create_duration = "90s"
}