We have set up server side tagging in Google Cloud, to be able to use the Meta Conversions API with Google Tag Manager. Last month, we received an email from Google Cloud, telling us that we need to "ensure read access on container images deployed to Cloud Run" before January 15:
"Starting January 15, 2025, Cloud Run will begin explicitly verifying that users or service accounts creating or updating Cloud Run resources have the permission to access deployed container image(s).
Currently, the Cloud Run Admin and Cloud Run Developer IAM roles implicitly give permission to deploy container images from Artifact Registry repositories in the same project. However, starting January 15, 2025, users or service accounts creating or updating a Cloud Run resource will need explicit permission to access deployed container images.
Before January 15, 2025, after creating or updating your Cloud Run resources, use this link to look for "User does not have access to image" errors in audit logs.
If you see an error in audit logs after deploying, action is required:
Ensure that the principal (user or service account) creating or updating Cloud Run resources has the Artifact Registry Reader (roles/artifactregistry.reader) IAM role on the project or container repository containing the container image to be deployed. Refer to our Artifact Registry documentation for detailed instructions.
No action is required in the following cases:
I have tried following the instructions they provided. In the IAM section under IAM & Admin, I found two 'principals'; the default compute service account, and our own account, and I have added the role 'Artifact Registry Reader' to both of them.
I also redeployed our services.
However, the "User does not have access to image" error still shows up in the logs.
I am an absolute newbie when it comes to using Cloud Run (or Google Cloud in general) and as a marketeer I am not even the person who should be maintaining it, but we have not yet found technical people to take over this task from me. So I am hoping someone can explain to me in easy wording what else I could do / try to prevent our server side tagging services from stopping on the 15th.
Thank you in advance!
It sounds like you granted the roles to the accounts that are involved in running the Cloud Run service. However, you said "you" deployed the Cloud Run service. Whichever identity is "you", that's the one that needs to be given the role.
I mentioned that I added the roles to "the default compute service account, and our own account". With the latter, I meant the account that I use to log in. There are no other accounts.
I see. It sounds to me like you did the right thing, then. Sorry, I don't have any more ideas on why it's not having the desired effect.
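
Added example, not part of the original thread or of Google's email: one way to check which identity the "User does not have access to image" error is actually logged against. Cloud Audit Logs record the caller in `protoPayload.authenticationInfo.principalEmail`; the sample entries, account names and resource names below are constructed, and where the error text sits inside an entry is an assumption, so the code searches the whole payload.

```python
from collections import defaultdict

ERROR_TEXT = "User does not have access to image"

def _entry(who, resource, message):
    # Builds one constructed audit log entry in the shape of JSON log output.
    return {"protoPayload": {
        "authenticationInfo": {"principalEmail": who},
        "resourceName": resource,
        "status": {"message": message}}}

# Constructed sample data (not real logs). In practice, load entries exported
# as JSON, e.g. from `gcloud logging read ... --format=json`.
SAMPLE_ENTRIES = [
    _entry("deployer@example-project.iam.gserviceaccount.com",
           "namespaces/example-project/services/sgtm-server",
           ERROR_TEXT + " example.invalid/repo/image:tag"),
    _entry("deployer@example-project.iam.gserviceaccount.com",
           "namespaces/example-project/services/sgtm-preview",
           ERROR_TEXT + " example.invalid/repo/image:tag"),
    _entry("owner@example.com",
           "namespaces/example-project/services/sgtm-server", ""),
]

def contains_text(node, needle):
    """True if any string anywhere inside the nested value contains needle."""
    if isinstance(node, str):
        return needle in node
    if isinstance(node, dict):
        return any(contains_text(v, needle) for v in node.values())
    if isinstance(node, list):
        return any(contains_text(v, needle) for v in node)
    return False

def principals_denied(entries):
    """Map each calling principal to the resources it hit the error on."""
    hits = defaultdict(set)
    for entry in entries:
        payload = entry.get("protoPayload") or {}
        if not contains_text(payload, ERROR_TEXT):
            continue
        auth = payload.get("authenticationInfo") or {}
        hits[auth.get("principalEmail", "<unknown>")].add(
            payload.get("resourceName", "<unknown>"))
    return {who: sorted(res) for who, res in hits.items()}

if __name__ == "__main__":
    for who, resources in principals_denied(SAMPLE_ENTRIES).items():
        print(f"{who}: error seen on {', '.join(resources)}")
```

Any principal this prints is the one the email says needs Artifact Registry Reader (roles/artifactregistry.reader); if it is not an account that already has the role, that explains why the error persists.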