feast-operator: support setting the ServiceAccount annotations for cloud platform IAM use case #5302

@pokgak

Is your feature request related to a problem? Please describe.
Kubernetes platforms on AWS and GKE allow pods to assume IAM roles/service accounts by setting certain annotations on the ServiceAccount resource. In the background, this annotation will be used to inject the credentials required for the Pod to access internal services of the cloud platform.

In AWS EKS, it uses annotation: eks.amazonaws.com/role-arn
In GCP GKE, it uses annotation: iam.gke.io/gcp-service-account

Describe the solution you'd like
Add a section inside the FeatureStore CRD to configure the annotations for the ServiceAccount that will be created. Maybe it can be added to featurestore.spec.services.offlineStore.serviceAccount.annotations.

edit: add specific to just offlineStore instead of directly under services

Describe alternatives you've considered
Manually adding the annotation to the created ServiceAccount resource after the FeatureStore has been created and the feast-operator has created the ServiceAccount.

Additional context
I dug around the feast-operator code and found this function that sets the metadata of the ServiceAccount. From this I think it can be done to also add the annotations when specified in the FeatureStore CR spec.
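A sketch of the merge step the request describes, as an added example that is not feast-operator code: annotations taken from the CR spec are merged onto the ServiceAccount's existing annotations, and the two IAM keys named above are format-checked first, because the value decides which cloud identity the pod receives. The helper name, the value patterns (approximations) and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Annotation keys named in the issue.
const (
	eksRoleARN = "eks.amazonaws.com/role-arn"
	gkeGSA     = "iam.gke.io/gcp-service-account"
)

// Approximate value formats (assumption: loose patterns, not the cloud
// providers' own validation rules).
var valueFormat = map[string]*regexp.Regexp{
	eksRoleARN: regexp.MustCompile(`^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$`),
	gkeGSA:     regexp.MustCompile(`^[a-z][a-z0-9-]*@[a-z0-9.-]+\.iam\.gserviceaccount\.com$`),
}

// applyServiceAccountAnnotations is a hypothetical helper. It returns the
// annotation set an operator would write: existing annotations are kept,
// spec-supplied ones are added or overwritten, and the known IAM keys are
// rejected when their value is malformed.
func applyServiceAccountAnnotations(existing, fromSpec map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(existing)+len(fromSpec))
	for k, v := range existing {
		out[k] = v
	}
	for k, v := range fromSpec {
		if re, ok := valueFormat[k]; ok && !re.MatchString(v) {
			return nil, fmt.Errorf("annotation %s: malformed value %q", k, v)
		}
		out[k] = v
	}
	return out, nil
}

func main() {
	// Constructed sample values; the account ID and role name are placeholders.
	existing := map[string]string{"app.kubernetes.io/managed-by": "feast-operator"}
	spec := map[string]string{eksRoleARN: "arn:aws:iam::111122223333:role/feast-offline-store"}
	merged, err := applyServiceAccountAnnotations(existing, spec)
	fmt.Println(merged, err)
}
```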
