Adding common sign_blob() service account types.

[dhermes]

Also adding service_account_email() property.

See googleapis/google-cloud-python#922 for some details on why sign_blob won't work on GCE.

I'm a bit worried about service_account_id on the GAE credentials class. In the implementation it seems to be almost synonymous with the svc. account email / name, but not quite (i.e. there may be some legacy behavior). ISTM the reason it's in the constructor is so that it could be passed to app_identity. Anyhow, our service_account_name could either shadow or conflict with service_account_id if a user passed one in. Though I don't imagine anyone in the history of this library has passed in a value for service_account_id.

Context: We use these utilities in a haphazard way in gcloud-python when creating a signed URL (for cloud storage objects). This just puts the auth utils in the auth library in a unified way.

/cc @tseaver @jgeewax @jonparrott

[dhermes]

@nathanielmanistaatgoogle Removed the abstract service_account_email property. What remains to be reviewed?

[nathanielmanistaatgoogle]

(Completed a full review pass.)

[nathanielmanistaatgoogle]

Looks good except for the copied-and-pasted doc strings.

(EDIT: Oops, and your comment about RuntimeError to which I've just now responded.)

[dhermes]

@nathanielmanistaatgoogle See the 4th commit for the "implements" note.

[nathanielmanistaatgoogle]

All looks great; squash and merge. Thanks for the conversation.

[dhermes]

👍 Will wait to merge until Travis is done in 10 hours.