CKV2_GCP_10 - false positives

[mustex]

Describe the issue
Checkov scan is showing false positives regarding insecure http access to event triggered cloud functions.

Check: CKV2_GCP_10: "GCP Cloud Function HTTP trigger is not secured"
FAILED for resource: google_cloudfunctions_function.function

Examples

resource "google_cloudfunctions_function" "function" {
  name    = local.function_name
  project = local.project
  region  = var.region
  runtime = "dotnet8"

  event_trigger {
    event_type     = "providers/cloud.pubsub/eventTypes/topic.publish"
    resource = data.google_pubsub_topic.topic.id
    failure_policy  {
      retry= true
    }
  }
}

We cannot add trigger_http = false as it fails during the plan:

Plan: 1 to add, 0 to change, 1 to destroy.
╷
│ Error: Conflicting configuration arguments
│
│   with google_cloudfunctions_function.function,
│   on cloudfunction.tf line 1, in resource "google_cloudfunctions_function" "function":
│    1: resource "google_cloudfunctions_function" "function" {
│
│ "event_trigger": conflicts with trigger_http

We also cannot add https_trigger_security_level = "SECURE_ALWAYS" as that fails at apply:

Error: Error while updating cloudfunction configuration: googleapi: Error 400: Invalid value at 'function' (oneof), oneof field 'trigger' is already set. Cannot set 'httpsTrigger'

This is the only cloud function in our terraform, and it is triggered by an event topic, so this check is not applicable.

Version (please complete the following information):

• Checkov Version 3.2.334

Additional context
See previously closed requests: #4812, #5897