I have multiple GCP projects, one for each environment (dev, QA, staging, production, etc)
Is there a best practice for how those projects should be created in the first place? Should I manually create a separate project through the GCP console with a service account that has permission to create projects and then use that?
Should that same "master" service account also be used for all Pulumi operations (i.e. for creating all resources in all projects), or should I create a service account in each separate project and use those for Pulumi?