Add support for granting permissions to apache kafka service agent

Managed Kafka service agent needs roles/managedkafka.serviceAgent on the subnet.

modules/shared_vpc_access/main.tf

@@ -58,6 +58,10 @@ locals {
       service_account = format("service-%[email protected]", local.service_project_number)
       role            = "roles/compute.networkUser"
     }
+    "managedkafka.googleapis.com" : {
+      service_account = format("service-%[email protected]", local.service_project_number)
+      role            = "roles/managedkafka.serviceAgent"
+    }
   }
   gke_shared_vpc_enabled        = contains(var.active_apis, "container.googleapis.com")
   composer_shared_vpc_enabled   = contains(var.active_apis, "composer.googleapis.com")