For those reading this and wondering how to solve this, I did it like this. Of course there are multiple solutions to the same issue.

I added --service-account="myOwnServiceAccount@gcp..." to the yaml file that creates the Cloud Run container. This indeed seems to change the "default" service account into the one I specified, and then I could set the needed roles to this myOwnServiceAccount to make sure it works as expected.