
fix: Disable gcp_public_cidrs_access_enabled by default #62

Merged
merged 3 commits from yscai/expose-options into master
Jan 16, 2025

Conversation

ciiiii
Member

@ciiiii ciiiii commented Jan 16, 2025

Disable this flag to block access from random GCP VMs when master_authorized_networks is configured.

Google Cloud external IP addresses:
External IP addresses assigned to any VM used by any customer hosted on Google Cloud. Google Cloud owns these IP addresses. To learn more, see Where can I find Compute Engine IP ranges?
External IP addresses used by Google Cloud products such as Cloud Run or Cloud Run functions. Any client hosted on Google Cloud can instantiate these IP addresses. Google Cloud owns these IP addresses.
ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-isolation#ip-based_endpoints

TF plan changes

Terraform will perform the following actions:

  # module.sn_cluster.module.gke[0].google_container_cluster.primary will be updated in-place
  ~ resource "google_container_cluster" "primary" {
        id                                       = "projects/gcp-byoc-test/locations/us-west1/clusters/gcp-usw1-snc"
        name                                     = "gcp-usw1-snc"
        # (30 unchanged attributes hidden)

      ~ master_authorized_networks_config {
          ~ gcp_public_cidrs_access_enabled = true -> false

            # (2 unchanged blocks hidden)
        }

        # (24 unchanged blocks hidden)
    }

  # module.sn_cluster.module.gke[0].google_project_iam_member.cluster_service_account-metric_writer[0] will be created
  + resource "google_project_iam_member" "cluster_service_account-metric_writer" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:[email protected]"
      + project = "gcp-byoc-test"
      + role    = "roles/monitoring.metricWriter"
    }

  # module.sn_cluster.module.gke[0].google_project_iam_member.cluster_service_account-resourceMetadata-writer[0] will be created
  + resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" {
      + etag    = (known after apply)
      + id      = (known after apply)
      + member  = "serviceAccount:[email protected]"
      + project = "gcp-byoc-test"
      + role    = "roles/stackdriver.resourceMetadata.writer"
    }

  # module.sn_cluster.module.gke[0].random_string.cluster_service_account_suffix has moved to module.sn_cluster.module.gke[0].random_string.cluster_service_account_suffix[0]
    resource "random_string" "cluster_service_account_suffix" {
        id          = "qimo"
        # (11 unchanged attributes hidden)
    }
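The plan above shows the flag flipping from true to false on one cluster. As an added example (not part of this module or the PR), the following check reads a `terraform show -json` plan and reports any google_container_cluster whose post-apply state still allows Google Cloud public CIDR access; the embedded plan is constructed to mirror the plan in the description plus a second, hypothetical cluster that keeps the flag enabled.

```python
import json


def _cluster(address, actions, before_flag, after_flag, cidrs):
    # Build one resource_changes entry shaped like `terraform show -json` output
    # (nested blocks such as master_authorized_networks_config appear as lists).
    def state(flag):
        return {"master_authorized_networks_config": [
            {"gcp_public_cidrs_access_enabled": flag,
             "cidr_blocks": [{"cidr_block": c, "display_name": c} for c in cidrs]}]}
    return {"address": address, "type": "google_container_cluster",
            "change": {"actions": actions,
                       "before": state(before_flag), "after": state(after_flag)}}


# Constructed sample plan: first entry mirrors the PR's update, second is a
# hypothetical cluster (address is made up) left with public GCP access on.
SAMPLE_PLAN = json.dumps({"format_version": "1.2", "resource_changes": [
    _cluster("module.sn_cluster.module.gke[0].google_container_cluster.primary",
             ["update"], True, False, ["203.0.113.0/24"]),
    _cluster("google_container_cluster.legacy", ["no-op"], True, True, []),
]})


def public_gcp_access_findings(plan_json):
    """Return one finding per GKE cluster whose post-apply state has
    gcp_public_cidrs_access_enabled = true, or leaves it unset inside an
    authorized-networks block (GKE may then default it to true)."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_container_cluster":
            continue
        after = rc["change"].get("after") or {}  # None when the resource is destroyed
        for block in after.get("master_authorized_networks_config") or []:
            flag = block.get("gcp_public_cidrs_access_enabled")
            if flag is True or flag is None:
                findings.append({
                    "address": rc["address"],
                    "state": "enabled" if flag is True else "unset",
                    "cidr_blocks": [c["cidr_block"] for c in block.get("cidr_blocks") or []],
                })
    return findings


if __name__ == "__main__":
    for f in public_gcp_access_findings(SAMPLE_PLAN):
        print(f"{f['address']}: gcp_public_cidrs_access_enabled {f['state']}")
```

Run it in CI against `terraform show -json plan.tfplan` and fail the pipeline when the list is non-empty.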

@ciiiii ciiiii requested a review from a team as a code owner January 16, 2025 09:07
Member

@maxsxu maxsxu left a comment


You may want to update the docs within this PR or in a separate docs PR, via the command terraform-docs markdown table --output-file README.md .

(review comment on variables.tf, outdated, resolved)
@ciiiii ciiiii merged commit a772102 into master Jan 16, 2025
4 checks passed
@ciiiii ciiiii deleted the yscai/expose-options branch January 16, 2025 09:57
2 participants