turbot/steampipe-mod-gcp-compliance

Incorrect logic in CIS 1.09

Closed this issue · 0 comments

Describe the bug
Separation of duties is being incorrectly calculated by the SQL in CIS 1.09

The SQL statement selects 2 groups of users and then creates an alarm if the same user appears in both groups. However, the current query guarantees that anyone in group A (kms_admin_users) is also in group B (kms_encrypt_decrypt_users):

See:

```sql
where assigned_role in ('roles/cloudkms.admin', 'roles/cloudkms.cryptoKeyEncrypter
Decrypter', 'roles/cloudkms.cryptoKeyEncrypter', 'roles/cloudkms.cryptoKeyDecrypter')
```
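The following is an added example, not code from this issue or from the steampipe-mod-gcp-compliance repository. It reconstructs the flawed query shape described above with a hypothetical in-memory `binding(member, role)` table and constructed sample bindings, and places a corrected pair of groups beside it so the difference in what gets flagged is visible.

```python
import sqlite3

# Constructed sample IAM bindings (hypothetical, not real project data).
SAMPLE_BINDINGS = [
    ("user:alice@example.com", "roles/cloudkms.admin"),
    ("user:alice@example.com", "roles/cloudkms.cryptoKeyEncrypterDecrypter"),
    ("user:bob@example.com",   "roles/cloudkms.admin"),
    ("user:carol@example.com", "roles/cloudkms.cryptoKeyDecrypter"),
    ("user:dave@example.com",  "roles/viewer"),
]

# Flawed shape: both groups use the same four-role filter, so anyone holding
# any KMS role lands in both groups and the join flags all of them.
BUGGY_SQL = """
with kms_admin_users as (
  select distinct member from binding
  where role in ('roles/cloudkms.admin', 'roles/cloudkms.cryptoKeyEncrypterDecrypter',
                 'roles/cloudkms.cryptoKeyEncrypter', 'roles/cloudkms.cryptoKeyDecrypter')
), kms_encrypt_decrypt_users as (
  select distinct member from binding
  where role in ('roles/cloudkms.admin', 'roles/cloudkms.cryptoKeyEncrypterDecrypter',
                 'roles/cloudkms.cryptoKeyEncrypter', 'roles/cloudkms.cryptoKeyDecrypter')
)
select a.member from kms_admin_users a
join kms_encrypt_decrypt_users e on a.member = e.member order by a.member
"""

# Corrected: the admin group holds only cloudkms.admin; the other group holds
# the three encrypt/decrypt roles. Only members in both violate separation of duties.
FIXED_SQL = """
with kms_admin_users as (
  select distinct member from binding where role = 'roles/cloudkms.admin'
), kms_encrypt_decrypt_users as (
  select distinct member from binding
  where role in ('roles/cloudkms.cryptoKeyEncrypterDecrypter',
                 'roles/cloudkms.cryptoKeyEncrypter', 'roles/cloudkms.cryptoKeyDecrypter')
)
select a.member from kms_admin_users a
join kms_encrypt_decrypt_users e on a.member = e.member order by a.member
"""

def flagged_members(sql, bindings=SAMPLE_BINDINGS):
    """Run a separation-of-duties query over an in-memory table of bindings."""
    con = sqlite3.connect(":memory:")
    con.execute("create table binding (member text, role text)")
    con.executemany("insert into binding values (?, ?)", bindings)
    return [row[0] for row in con.execute(sql)]

if __name__ == "__main__":
    print("buggy:", flagged_members(BUGGY_SQL))  # alice, bob, carol (bob and carol are false positives)
    print("fixed:", flagged_members(FIXED_SQL))  # alice only
```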