You are designing a new multi-tenant Google Kubernetes Engine (GKE) cluster for a customer who is concerned about risks from long-lived credentials. The customer mandates that each GKE workload should have the minimal Identity and Access Management (IAM) permissions, adhering to the principle of least privilege (PoLP). You must design an IAM impersonation solution while following Google's best practices. What is the correct approach?