Watch this video on YouTube
How should you grant IAM permission to a serverless web application on Cloud Run for accessing images stored in a private Cloud Storage bucket, while adhering to Google's recommended security practices?