fix: Add warnings to users about using credentials from external sources (#2551)

Author: zhumin8

google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java

@@ -199,6 +199,13 @@ public static GoogleCredential getApplicationDefault(
    * {@link Beta} <br>
    * Return a credential defined by a Json file.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialStream the stream with the credential definition.
    * @return the credential defined by the credentialStream.
    * @throws IOException if the credential cannot be created from the stream.
@@ -212,6 +219,13 @@ public static GoogleCredential fromStream(InputStream credentialStream) throws I
    * {@link Beta} <br>
    * Return a credential defined by a Json file.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialStream the stream with the credential definition.
    * @param transport the transport for Http calls.
    * @param jsonFactory the factory for Json parsing and formatting.