GoogleCloudPlatform/ai-on-gke

JupyterHub service account is missing GCS related roles

Closed · 1 comment

When I tried to run JupyterHub backed by GCSFuse, I ran into this error from JupyterHub:

2024-03-22T18:48:02Z [Warning] MountVolume.SetUp failed for volume "gcs-fuse-csi-ephemeral" : rpc error: code = PermissionDenied desc = failed to get GCS bucket "gcsfuse-admin": googleapi: Error 403: jupyter-sa@<project-id>.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist)., forbidden

It looks like the predefined roles are missing GCS related roles:

    # TODO review all permissions
    variable "predefined_iam_roles" {
      description = "Predefined list of IAM roles to assign"
      type        = list(string)
      default     = ["roles/compute.networkViewer", "roles/viewer", "roles/cloudsql.client", "roles/artifactregistry.reader", "roles/storage.admin", "roles/iam.serviceAccountAdmin", "roles/compute.loadBalancerServiceUser", "roles/iam.serviceAccountTokenCreator"]
    }

@chiayi can you take a look? cc @imreddy13
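The error above names one permission (`storage.objects.list`) on one bucket, which is the scope at which the grant should live. The following is an added example, not code from the ai-on-gke repository, showing how the mounting identity can be given GCS access at bucket scope instead of through a project-wide role such as `roles/storage.admin`. The variable names `project_id`, `gcs_bucket`, `namespace` and `ksa_name` are assumed for the example; `roles/storage.objectUser` (read/write on objects) and `roles/storage.objectViewer` (read-only) are real predefined roles, and the GCS FUSE CSI driver authenticates as the Google service account that the Kubernetes service account is bound to through Workload Identity.

```hcl
# Added example: bucket-scoped, least-privilege GCS access for the JupyterHub
# service account. Variable names below are assumptions for this example.
variable "project_id" { type = string }
variable "gcs_bucket" { type = string }          # bucket mounted by the CSI driver
variable "namespace" { type = string }           # Kubernetes namespace of JupyterHub
variable "ksa_name" { type = string }            # Kubernetes service account used by the pods
variable "read_only" {
  type    = bool
  default = false
}

resource "google_service_account" "jupyter" {
  project      = var.project_id
  account_id   = "jupyter-sa"
  display_name = "JupyterHub service account"
}

# Grant object access on the single bucket that is mounted, not on the project.
# objectViewer covers storage.objects.get/list; objectUser adds create/delete.
resource "google_storage_bucket_iam_member" "jupyter_bucket_access" {
  bucket = var.gcs_bucket
  role   = var.read_only ? "roles/storage.objectViewer" : "roles/storage.objectUser"
  member = "serviceAccount:${google_service_account.jupyter.email}"
}

# Let the Kubernetes service account impersonate the Google service account
# (Workload Identity); without this binding the pod never acts as jupyter-sa
# and the bucket grant above is never exercised.
resource "google_service_account_iam_member" "jupyter_workload_identity" {
  service_account_id = google_service_account.jupyter.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[${var.namespace}/${var.ksa_name}]"
}
```

The Kubernetes service account still needs the `iam.gke.io/gcp-service-account` annotation pointing at the Google service account's email for the binding to take effect. With the grant at bucket scope, a compromise of the notebook pod exposes only the mounted bucket rather than every bucket in the project, which is the main reason to prefer this over adding `roles/storage.admin` to a project-wide role list.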