Thank you for your response, and sorry for the late response.
It seems the service account which you are using doesn't have the permission to create the service account.
I suggest you add an extra role (a role which contains IAM access) to your service account.
For testing you can add the Security Admin role; I believe this role contains all the IAM access.
Here is the gcloud command (please replace the values according to your project):
gcloud projects add-iam-policy-binding <PROJECT NAME> --member="serviceAccount:<TERRAFORM-SERVICE ACCOUNT NAME>@<PROJECT NAME>.iam.gserviceaccount.com" --role="roles/iam.securityAdmin"
FYI:
I haven't tested this since I don't have a setup with me. Based on the error, I am expecting this will resolve your issue; if not, please let me know.