feat: set x-goog-user-project header, with quota_project from default credentials

[bcoe]

If the quota_project parameter is set, kicks it along in the request header x-goog-user-project.

[broady]

A comment about why it's not the other way around, i.e.
Object.assign({}, ..., headers)

[alexander-fenster]

If client.getRequestHeaders() always returns an object, the whole Object.assign can be removed and replaced with a simple assignment :)

[bcoe]

I tend to agree that headers should take precedence if set explicitly, I've updated the PR and added a comment.

[bcoe]

I've noticed a few bugs in our auth library in my time working on it, caused by passing an object by reference and than modifying the object, e.g., deleting a key.

I've been being defensive by creating shallow copies with Object.assign({}), something worth thinking about in API design would be starting to Object.freeze objects that we don't wish for users to modify, at which point it forces people to make copies, but you can pass the object around if you do not need to mutate it.

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@558677f). Click here to learn what that means.
The diff coverage is 100%.

@@            Coverage Diff            @@
##             master     #829   +/-   ##
=========================================
  Coverage          ?   84.93%           
=========================================
  Files             ?       17           
  Lines             ?      956           
  Branches          ?      214           
=========================================
  Hits              ?      812           
  Misses            ?       86           
  Partials          ?       58

Impacted Files	Coverage Δ
src/auth/googleauth.ts	86.83% <100%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 558677f...2b4c84f. Read the comment docs.