postgres: lock down IAM access to single instance with IAM condition

[Starefossen]

It is possible to add IAM conditions to roles/cloudsql.client to lock down to a single instance like this resource.name == 'projects/abc123/instances/myinstance' && resource.type == 'sqladmin.googleapis.com/Instance'

[Kyrremann]

Litt doc: https://cloud.google.com/sql/docs/mysql/iam-conditions#allow_users_to_connect_to_specific_instances