Initial support for delegated admin service accounts (DASA)

Google now allows GCP service accounts to be granted delegated admin status for a G Suite domain.
To use this, admins can grant the service account email address delegated admin rights in the admin console
and then set some environment variables for GAM to use:

OAUTHFILE=oauth2service.json
GA_DOMAIN=example.com   # your primary domain name in Google
CUSTOMER_ID=1d80dfc     # admin.google.com > Account > Account settings > Customer ID

src/gam/auth/__init__.py

@@ -1,5 +1,11 @@
 """Authentication/Credentials general purpose and convenience methods."""
 
+import json
+import os
+import time
+
+from google.auth.jwt import Credentials as JWTCredentials
+
 from gam.auth import oauth
 from gam.var import _FN_OAUTH2_TXT
 from gam.var import GC_OAUTH2_TXT
@@ -20,7 +26,16 @@ def get_admin_credentials_filename():
     return DEFAULT_OAUTH_STORAGE_FILE
 
 
-def get_admin_credentials():
+def get_admin_credentials(api=None):
     """Gets oauth.Credentials that are authenticated as the domain's admin user."""
     credential_file = get_admin_credentials_filename()
-    return oauth.Credentials.from_credentials_file(credential_file)
+    if not os.path.isfile(credential_file):
+        raise oauth.InvalidCredentialsFileError
+    with open(credential_file, 'r') as f:
+        creds_data = json.load(f)
+    if 'token' in creds_data:
+        return oauth.Credentials.from_credentials_file(credential_file)
+    elif 'private_key' in creds_data:
+        audience = f'https://{api}.googleapis.com/'
+        return JWTCredentials.from_service_account_info(creds_data,
+                                                        audience=audience)