feat: Add support for gVisor per node pool

[LukaszCzarnotaSabre]

Issue https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/240 was resolved but now all node pools needs to be with gVisor or non of them.

With this PR you are able to define sandbox_enabled variable per node pool, code is backward compatible.

[google-cla]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[LukaszCzarnotaSabre]

@googlebot I signed it!

[comment-bot-dev]

Thanks for the PR! 🚀
✅ Lint checks have passed.

[Jberlinsky]

@LukaszCzarnotaSabre Looks like this change is causing test failures:

Step #48 - "converge node-pool-local":        Error: Invalid index
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":          on ../../../modules/beta-public-cluster/cluster.tf line 423, in resource "google_container_node_pool" "pools":
Step #48 - "converge node-pool-local":         423:       for_each = tobool((lookup(each.value, "sandbox_enabled", ((local.cluster_sandbox_enabled[0] == "gvisor") ? true : false)))) ? ["gvisor"] : []
Step #48 - "converge node-pool-local":            ├────────────────
Step #48 - "converge node-pool-local":            │ local.cluster_sandbox_enabled is empty list of string
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":        The given key does not identify an element in this collection value: the
Step #48 - "converge node-pool-local":        collection has no elements.
Step #9 - "converge safer-cluster-local":        
Step #9 - "converge safer-cluster-local":        Error: Invalid index
Step #9 - "converge safer-cluster-local":        
Step #9 - "converge safer-cluster-local":          on ../../../modules/beta-private-cluster/cluster.tf line 442, in resource "google_container_node_pool" "pools":
Step #9 - "converge safer-cluster-local":         442:       for_each = tobool((lookup(each.value, "sandbox_enabled", ((local.cluster_sandbox_enabled[0] == "gvisor") ? true : false)))) ? ["gvisor"] : []
Step #9 - "converge safer-cluster-local":            ├────────────────
Step #9 - "converge safer-cluster-local":            │ local.cluster_sandbox_enabled is empty list of string
Step #9 - "converge safer-cluster-local":        
Step #9 - "converge safer-cluster-local":        The given key does not identify an element in this collection value: the
Step #9 - "converge safer-cluster-local":        collection has no elements.
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":        Error: Invalid index
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":          on ../../../modules/beta-public-cluster/cluster.tf line 423, in resource "google_container_node_pool" "pools":
Step #48 - "converge node-pool-local":         423:       for_each = tobool((lookup(each.value, "sandbox_enabled", ((local.cluster_sandbox_enabled[0] == "gvisor") ? true : false)))) ? ["gvisor"] : []
Step #48 - "converge node-pool-local":            ├────────────────
Step #48 - "converge node-pool-local":            │ local.cluster_sandbox_enabled is empty list of string
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":        The given key does not identify an element in this collection value: the
Step #48 - "converge node-pool-local":        collection has no elements.
Step #30 - "converge stub-domains-local":        google_compute_network.main: Creating...
Step #9 - "converge safer-cluster-local": >>>>>> Running the command `terraform apply -auto-approve -lock=true -lock-timeout=0s -input=false -no-color -parallelism=10 -refresh=true  ` failed due to a non-zero exit code of 1.
Step #9 - "converge safer-cluster-local": >>>>>> ------Exception-------
Step #9 - "converge safer-cluster-local": >>>>>> Class: Kitchen::ActionFailed
Step #9 - "converge safer-cluster-local": >>>>>> Message: 1 actions failed.
Step #9 - "converge safer-cluster-local": >>>>>>     Converge failed on instance <safer-cluster-local>.  Please see .kitchen/logs/safer-cluster-local.log for more details
Step #9 - "converge safer-cluster-local": >>>>>> ----------------------
Step #9 - "converge safer-cluster-local": >>>>>> Please see .kitchen/logs/kitchen.log for more details
Step #9 - "converge safer-cluster-local": >>>>>> Also try running `kitchen diagnose --all` for configuration
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":        Error: Invalid index
Step #48 - "converge node-pool-local":        
Step #48 - "converge node-pool-local":          on ../../../modules/beta-public-cluster/cluster.tf line 423, in resource "google_container_node_pool" "pools":
Step #48 - "converge node-pool-local":         423:       for_each = tobool((lookup(each.value, "sandbox_enabled", ((local.cluster_sandbox_enabled[0] == "gvisor") ? true : false)))) ? ["gvisor"] : []
Step #48 - "converge node-pool-local":            ├────────────────
Step #48 - "converge node-pool-local":            │ local.cluster_sandbox_enabled is empty list of string
Step #48 - "converge node-pool-local":        

Could you please update tests to make sure they're compliant with this change?

[bharathkkb]

Thanks for the PR! It would also be great to add this to one of our tests to make sure its WAI

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[bharathkkb]

@googlebot I consent.

[bharathkkb]

/cc @morgante for another pass since I have a commit in here