It appears that the Eventarc Service Agent is added once the call is made to add the trigger. I have seen issues logged in the Terraform Provider repo: https://github.com/hashicorp/terraform-provider-google/issues/14584 If I rerun the Pulumi code after the failure, the Eventarc trigger is successfully added to the Workflow, which is fine for my usecase at the moment.

I am unsure why Google is not creating the Eventarc Service Agent account after enabling the Eventarc API. I tested this with ever-increasing timeouts, and it definitely is an issue Anyway, I went ahead and created the Service Agent myself and I am able to add the Eventarc Trigger:

eventarc_api = projects.Service(
        "eventarc-api-service",
        project=project.project_id, 
        service="<http://eventarc.googleapis.com|eventarc.googleapis.com>",
        disable_dependent_services=True
)
pulumi.export('eventarc_api.id', eventarc_api.id)

eventarc_service_agent = projects.ServiceIdentity("eventarc-service-agent",
        project=project.project_id,
        service="<http://eventarc.googleapis.com|eventarc.googleapis.com>",
        opts=pulumi.ResourceOptions(depends_on=[eventarc_api])
)
pulumi.export ("eventarc_service_agent.email", eventarc_service_agent.email)

eventarc_service_agent_user = projects.IAMMember("eventarc-service-agent-user",
        project=project.project_id,
        role="roles/eventarc.serviceAgent",
        member=eventarc_service_agent.email.apply(lambda email: f"serviceAccount:{email}")
)
pulumi.export ("eventarc_service_agent_user.id", eventarc_service_agent_user.id)