Document that var.grant_registry_access supports artifact registry

[jmymy]

Artifact Registry improves and extends upon the existing capabilities of Container Registry, such as customer-managed encryption keys, VPC-SC support, Pub/Sub notifications, and more, providing a foundation for major upgrades in security, scalability, and control. While Container Registry is still available and will continue to be supported as a Google Enterprise API, going forward new features will only be available in Artifact Registry, and Container Registry will only receive critical security fixes.

• new API to enable - artifactregistry.googleapis.com
• The registry must exist before applying IAM
• roles/artifactregistry.reader is the IAM role needed.
• need to decide on what to do on the default behavior of the var.grant_registry_access = true and no var.registry_project_ids provided, in the past, it would use the current project as the location to add iam
• Support KMS and CMEK in the IAM permissions for the service_account for the custer?

[morgante]

This was already implemented in #719. Is it not working for you?

[jmymy]

And there it is!

Looks like this isn't mentioned in the readme? Only mentions the old behavior

[bharathkkb]

We should update the docs to reflect this