As a DevOps Engineer for a company using Google Cloud Platform (GCP), you are responsible for securing the deployment pipeline and enforcing least privilege access using IAM policies for different environments (development, staging, and production). Your company has a large number of projects and requires a scalable and maintainable solution. Which of the following approaches is the most appropriate to achieve this goal?