(Opening the ticket to discuss how hard this would be to do, or whether it makes sense at all.)
I've just gone through the process of allowing a service account to upload logs to the Fuchsia logdog project. It consists of two actions:
1. Adding the service account to the appropriate pre-set-up chrome-infra-auth group (to allow it to talk to the coordinator, I presume). This step is fine and natural enough.
2. Granting this service account the PubSub Viewer and Publisher roles on the projects/luci-logdog/topics/logs topic. This is not very good.
Doing (2) requires admin-level access to the LogDog Cloud project. We also somewhat reduce isolation between projects (for example, Cloud Monitoring metrics for the topic are all mixed up), and all PubSub storage is billed to us.
An alternative way to do it is:
1. Ask customers to set up their own PubSub topic, and a subscription for that topic, in a Cloud Project of their choosing. Ask customers to grant the well-known logdog account the Subscriber role on the subscription.
2. Ask customers to specify the full names of this PubSub subscription and topic in their luci-logdog.cfg config.
3. Make the logdog butler push to this topic and the logdog service pull from the subscription.
That way customers can easily add more producers without bothering logdog admins. They will also pay for transient PubSub storage (Pull calls will still be billed to LogDog, though). Each project will have its own dedicated PubSub monitoring, and customers can see for themselves how much they produce.
The downsides:
1. Code complexity. Collectors would need to learn the list of subscriptions to pull, and pull them in parallel.
2. We still have a shared service at the collector level and below, so projects are still not really isolated (one spammy project may affect all other projects).
Comment 1 by d...@chromium.org, Jan 13 2017