Ok. Got it. It's not very clear in the original article (and be re-reading yours, it's not really clear also!)

it said: "If you yourself are accessing GCP, don’t use a service account, instead authenticate with your own Google user identity!"

But later, a sentence is confusing: "Using a service account and setting the environmental variable GOOGLE_APPLICATION_CREDENTIALS is the recommended method of service account authentication because it takes the highest precedence on gcloud over all other methodologies."

So, if you use a service account key file, it's recommend to add it to the GOOGLE_APPLICATION_CREDENTIALS to leverage the highest precedence!!

But, in any case, recommended on local environment when you can use your own user credential. (Except the 2 cases that you mention, but it's not on all the projects!!)

The service account key file must be used only on external and automatic platform, I mean an app on AWS, or a CI/CD (on Gitlab like in my company). But in any case on the developer environment! (Except the 2 cases that you mention, but it's not on all the projects!!)