Ensures that no users have the KMS admin role and any one of the CryptoKey roles.
Ensuring that no users have the KMS admin role and any one of the CryptoKey roles follows separation of duties, where no user should have access to resources out of the scope of duty.
Ensure that no service accounts have both the KMS admin role and any of CryptoKey roles attached.