For PKIX and JWT keys, generate the key id automatically in NewPublicKey() whenever keyID is left blank. The generated ID should be based on the DER encoding of the public key.
Reference: https://cloud.google.com/binary-authorization/docs/reference/rest/v1/projects.attestors#attestorpublickey