Firebase security rules cross project
Solution 1:
Bluntly, you are "separating your microservices" in completely the wrong way. Authentication is FUNDAMENTALLY tied to functionality, and inseparable - it is NOT a "micro-service". Even if you choose to use Cloud Functions to provide your "micro-service API", there is absolutely no reason whatever to use separate projects and databases BEHIND the Cloud Functions, and every reason to keep them the same.
What you are describing sounds far more like an attempt to hack another service than to create a viable solution, and Firestore is specifically built to resist such attempts.