Add support for google_organization_service_identity resource

[juliocc]

This PR adds support for the google_organization_service_identity resource.

It allows to generate and retrieve the email address of Google-managed service agents at the Organization scope, completing the hierarchy alongside the existing google_project_service_identity and google_folder_service_identity resources.

The implementation relies on the Service Usage API endpoint:
organizations/{organization}/services/{service}:generateServiceIdentity

All files are handwritten templates based in mmv1/third_party/terraform/services/resourcemanager following standard conventions for similar identity models.

---

Note: This PR was drafted/generated using Gemini, then verified & tested directly by a human.

Release Note Template for Downstream PRs (will be copied)

`google_organization_service_identity` (beta)

[github-actions]

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@roaks3, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 4 files changed, 118 insertions(+))
google-beta provider: Diff ( 5 files changed, 314 insertions(+))

Missing service labels

The following new resources do not have corresponding service labels:

• google_organization_service_identity

If you believe this detection to be incorrect please raise the concern with your reviewer. Googlers: This error is safe to ignore once you've completed go/fix-missing-service-labels.
An override-missing-service-label label can be added to allow merging.

Errors

google provider:

• The diff processor failed to build. This is usually due to the downstream provider failing to compile.

[modular-magician]

Tests analytics

Total tests: 168
Passed tests: 137
Skipped tests: 30
Affected tests: 1

Click here to see the affected service packages

• resourcemanager

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccOrganizationServiceIdentity_basic

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccOrganizationServiceIdentity_basic [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🟢 All tests passed!

View the build log or the debug log for each test