fix: set Content-Type header in the request to signBlob API to avoid Invalid JSON payload error (#439)

`auth.create_custom_token()` results in an error:

```
Failed to sign custom token. Error calling the IAM signBytes API:{ (...)
  "error": {
    "code": 400,
    "message": "Invalid JSON payload received. Unknown name \"{\"bytesToSign\": \"...\"}\": Cannot bind query parameter. Field '{\"bytesToSign\": \"...\"}' could not be found in request message.",
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "@type": "type.googleapis.com/google.rpc.BadRequest",
        "fieldViolations": [
          {
            "description": "Invalid JSON payload received. Unknown name \"{\"bytesToSign\": \"...\"}\": Cannot bind query parameter. Field '{\"bytesToSign\": \"...\"}' could not be found in request message."
          }
        ]
      }
    ]
  }
}
```

I have confirmed setting `'Content-Type': 'application/json'` header resolves the problem.
diff --git a/google/auth/iam.py b/google/auth/iam.py
index bd05004..d83b251 100644
--- a/google/auth/iam.py
+++ b/google/auth/iam.py
@@ -69,7 +69,7 @@
 
         method = "POST"
         url = _SIGN_BLOB_URI.format(self._service_account_email)
-        headers = {}
+        headers = {"Content-Type": "application/json"}
         body = json.dumps(
             {"bytesToSign": base64.b64encode(message).decode("utf-8")}
         ).encode("utf-8")
diff --git a/tests/test_iam.py b/tests/test_iam.py
index 4367fe7..cb2c26f 100644
--- a/tests/test_iam.py
+++ b/tests/test_iam.py
@@ -89,6 +89,8 @@
         returned_signature = signer.sign("123")
 
         assert returned_signature == signature
+        kwargs = request.call_args.kwargs
+        assert kwargs["headers"]["Content-Type"] == "application/json"
 
     def test_sign_bytes_failure(self):
         request = make_request(http_client.UNAUTHORIZED)