The service account needs an owner role to run, which is not reasonable to ask for. It's very risky and many customers won't be able to provision it, even in dev environments.
A solution would be to give it least-privilege permissions in order to prevent accidents. It could also be created using Terraform.