fix: Client library credentials provide correct self-signed JWT and external account behavior when loading from a file path or JSON data #474
The `Google::Auth::Credentials` class (used by GAPICs) didn't use the normal `make_creds` mechanism used by the rest of the auth system, and thus didn't construct the correct subclass of `Signet::OAuth2::Client` when reading from a custom file path or a custom hash. Instead, it just constructed an instance of the `Signet::OAuth2::Client` base class and hoped for the best. As a result, some key features that were implemented in subclasses were not working, including self-signed JWT authentication, and pretty much all of external credentials.

This change delegates back to `make_creds` instead of constructing the `Signet::OAuth2::Client` base class. This also allows us to remove some of the client options mapping being done (which was duplicating code in `Google::Auth::ServiceAccountCredentials`). Finally, we clean up some of the use of string vs symbol keys in options hashes to ensure the correct options are passed in and recognized.

The bulk of this change is actually in the test. Previously, the test relied on mocking out Signet itself, which the previous code got away with because it always called the Signet base class directly. Now that we are constructing subclasses via other code paths, we cannot just mock out Signet. Instead we allow the full credentials object to be constructed. This means, in a few cases, we needed to simulate a few more environment variables and/or mock out HTTP requests.

Fixes #466.
Also fixes the case when credentials are passed by file path in a non-Google universe domain (which requires self-signed JWT).
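
The failure mode described above, as a simplified model added here for illustration; it is not code from this pull request or from the googleauth gem. All class, method and constant names are hypothetical, and the rule "non-default universe domain means self-signed JWT" is a modelling assumption taken from the description. Parsing with symbolized keys stands in for the string vs symbol key cleanup.

```ruby
require "json"

# Hypothetical stand-ins for the hierarchy the PR describes (not googleauth code).
class BaseClient
  attr_reader :options

  def initialize(options)
    @options = options
  end

  def auth_mode
    :oauth_token_exchange
  end
end

class ServiceAccountClient < BaseClient
  # Model assumption: a non-default universe domain requires a self-signed JWT.
  def auth_mode
    options[:universe_domain] == "googleapis.com" ? :oauth_token_exchange : :self_signed_jwt
  end
end

class ExternalAccountClient < BaseClient
  def auth_mode
    :sts_token_exchange
  end
end

CLASS_FOR_TYPE = {
  "service_account" => ServiceAccountClient,
  "external_account" => ExternalAccountClient
}.freeze

# Pre-fix shape: always the base class, whatever the key data declares.
def build_base_only(json)
  BaseClient.new(JSON.parse(json, symbolize_names: true))
end

# Post-fix shape: dispatch on the declared "type"; unknown types fail closed.
def build_dispatched(json)
  opts = JSON.parse(json, symbolize_names: true)
  klass = CLASS_FOR_TYPE.fetch(opts[:type].to_s) do
    raise ArgumentError, "unsupported credential type: #{opts[:type].inspect}"
  end
  klass.new(opts)
end

# Constructed sample key data; contains no real key material.
SA_JSON = JSON.generate("type" => "service_account", "universe_domain" => "example.test")
EXT_JSON = JSON.generate("type" => "external_account")
```

With the same service-account input, the base-only path silently falls back to the generic behaviour while the dispatched path selects the subclass that knows about self-signed JWT.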