Fix TestAccEventarcGoogleChannelConfig_cryptoKeyUpdate to properly clean up

[roaks3]

fixes hashicorp/terraform-provider-google#12908

After making updates to the way we manage permissions during tests, we still saw issues with a few TestAccCloudfunctions2function* tests. It turns out TestAccEventarcGoogleChannelConfig_cryptoKeyUpdate was leaving a region-wide configuration on the project that enforced CMEK on all eventarc channels, which were being used in these cloudfunction tests. See https://cloud.google.com/eventarc/docs/use-cmek.

To fix our tests, I've updated TestAccEventarcGoogleChannelConfig_cryptoKeyUpdate to clean up its region-wide CMEK when it is finished. Note that this apparently does not happen automatically on destroy, which is why I needed an additional step to clear the config with an update.

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Generated Terraform providers, and ran make test and make lint in the generated providers to ensure it passes unit and linter tests.
• Ran relevant acceptance tests using my own Google Cloud project and credentials (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 1 file changed, 13 insertions(+))
Terraform Beta: Diff ( 1 file changed, 13 insertions(+))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2501
Passed tests 2235
Skipped tests: 263
Affected tests: 3

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccEventarcGoogleChannelConfig_cryptoKeyUpdate|TestAccHealthcareFhirStore_healthcareFhirStoreStreamingConfigExample|TestAccDataSourceDnsManagedZone_basic

Get to know how VCR tests work

[modular-magician]

Tests passed during RECORDING mode:
TestAccEventarcGoogleChannelConfig_cryptoKeyUpdate[Debug log]
TestAccHealthcareFhirStore_healthcareFhirStoreStreamingConfigExample[Debug log]

Tests failed during RECORDING mode:
TestAccDataSourceDnsManagedZone_basic[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[hao-nan-li]

I remember that crypto_keys could not be deleted at the end of the tests, and instead we had to create a new project and delete that project for clean-up purposes.

I assume that by setting this specific deletion step, there is a way for this particular API to take an empty value and make the deletion right? Just want to make sure.

[roaks3]

Yep, I was able to test and verify manually. For this eventarc "channel" API, you can set the crypto key that is used by sending a name, and clear it be sending "". Thanks for checking!

[hao-nan-li]

Sounds good, thanks for the confirmation.