Setup a "plan" presubmit

This needs two separate PRS.

1. We should create a NEW identity in `iac/bootstrap` that's a project viewer and can be federated by pull requests presubmit (e.g. `ref:refs/heads/main` -> `:pull_request`). -- I may need to apply this once it lands, or add folks to ACLs.

1. We should add a presubmit like mono that posts the plan to the PR body.

cc @cpanato 