docs: add IAM Authn details (#465)

Fixes #464

README.md

@@ -21,6 +21,11 @@ language. Using an AlloyDB connector provides the following benefits:
 * **Convenience:** removes the requirement to use and distribute SSL
   certificates, as well as manage firewalls or source/destination IP addresses.
 
+* (optionally) **IAM DB Authentication:** provides support for
+  [AlloyDB’s automatic IAM DB AuthN][iam-db-authn] feature.
+
+[iam-db-authn]: https://cloud.google.com/alloydb/docs/manage-iam-authn
+
 ## Installation
 
 You can install this repo with `go get`:
@@ -188,6 +193,38 @@ func Connect() {
 }
 ```
 
+### Automatic IAM Database Authentication
+
+The Go Connector supports [Automatic IAM database authentication][].
+
+Make sure to [configure your AlloyDB Instance to allow IAM authentication][configure-iam-authn]
+and [add an IAM database user][add-iam-user].
+
+A `Dialer` can be configured to connect to an AlloyDB instance using
+automatic IAM database authentication with the `WithIAMAuthN` Option.
+
+```go
+d, err := alloydbconn.NewDialer(ctx, alloydbconn.WithIAMAuthN())
+```
+
+When configuring the DSN for IAM authentication, the `password` field can be
+omitted and the `user` field should be formatted as follows:
+
+- For an IAM user account, this is the user's email address.
+- For a service account, it is the service account's email without the
+`.gserviceaccount.com` domain suffix.
+
+For example, to connect using the `[email protected]`
+service account, the DSN would look like:
+
+```go
+dsn := "[email protected] dbname=mydb sslmode=disable"
+```
+
+[Automatic IAM database authentication]: https://cloud.google.com/alloydb/docs/manage-iam-authn
+[configure-iam-authn]: https://cloud.google.com/alloydb/docs/manage-iam-authn#enable
+[add-iam-user]: https://cloud.google.com/alloydb/docs/manage-iam-authn#create-user
+
 ### Enabling Metrics and Tracing
 
 This library includes support for metrics and tracing using [OpenCensus][]. To