I've been through something similar today. With the help of ChatGPT (which was not around 2 years ago haha), I think I got some answers... but, yeah, it's weird and it does not make a lot of sense.
Using the google_sign_in Flutter package on Android, when you provide a clientId, it overrides the behavior and ignores the google-services.json file. So, if you go the road of downloading the google-services.json file from Firebase, then do not provide a clientId.
The thing is that I did not want to use Firebase in my use case. So, how do I provide the necessary context to the package if I cannot provide a client id? And, I don't understand why that does not work because that's precisely what I did on iOS. Here is a working version:
Open the Auth Clients page of the Google Cloud console
Create an Android client and fill out the form (package name + SHA-1)
Create a Web application client and enter a name
Use the Client ID of the web one in your GoogleSignIn constructor
Here's how ChatGPT summarized it for me:
Even if the Android Client ID isn't directly used in the app, registering it in the Google Cloud Console (with the correct package name and SHA-1 certificate) ensures that Google's authentication services recognize the app.
Maybe it made that up, I don't know, but the important part is that it works!