Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes

In order to prevent unnecessary project ownership assignments to users or service-accounts and further misuses of projects and resources, all roles/Owner assignments should be monitored. Members (users or service-accounts) with a role assignment to primitive role roles/Owner are project owners.The project owner has all the privileges on the project the role belongs to. These are summarized below: - All viewer permissions on all GCP Services within the project - Permissions for actions that modify the state of all GCP services within the project - Manage roles and permissions for a project and all resources within the project - Set up billing for a project Granting the owner role to a member (user or Service-Account) will allow that member to modify the Identity and Access Management (IAM) policy. Therefore, grant the owner role only if the member has a legitimate purpose to manage the IAM policy. This is because the project IAM policy contains sensitive access control data. Having a minimal set of users allowed to manage IAM policy will simplify any auditing that may be necessary.