You're not supposed to use service accounts in web and mobile apps. Since a service account is highly privileged (and always bypass security rules), it's not suitable for putting on end user devices in any form. It would be a huge security hole if a user's device contained a service account, no matter what you do to obscure that.
Service accounts are only intended for use with secure backend code. Don't try to do anything different, or you will open yourself up to a whole slew of security problems.
The only supported way of dealing with Firestore directly and securely through web and mobile apps is using Firebase Authentication. Yes, this involves making the user enter their credentials. That's a good thing - you don't want anyone to impersonate anyone else. You could look into anonymous authentication if want to create user accounts without credentials.
If you really must perform some actions with a service account, directed by a web or mobile app, the app should connect to a backend through some API endpoint. The backend can then perform the operations. If you do this, bear in mind that now people can access the API endpoint to possibly compromise your system, and that API should be controlled by some form of auth (perhaps also Firebase Auth).
