the central directory in this case is google.com (or github.com, or whatever your OIDC provider is)

If it gets breached, there will be significantly more problems than unauthorized ssh login.

(and this is a beauty of this compared to something like sshca: there is only one party that you need to trust, and you can choose a party that's unlikely to be breached)