In order to use the Firebase Admin SDK in v2 Firebase Cloud Functions, one must grant the "Default compute service account" in Google Cloud console the "Firebase Admin SDK Administrator Service Agent" role. This is because v2 functions use this service account to access the Firebase Admin SDK and not the "firebase-adminsdk" service account that was automatically created with that aforementioned role.
Is it safe to grant the default compute engine service account this role? Or is there a way to force v2 functions to use the firebase-adminsdk service account instead?
Whenever you are granting extra permissions to anything at all, it could be considered "unsafe" without understanding the bigger picture of all the cloud components in involved, and their individual security configurations. To be specific, if you grant this permissions, we have no idea what other parts of your project might be impacted. So it's really not possible, given the information here, to say if it's "safe" or not.
As a best practice, you should observe the principle of least privilege, and only assign the most specific required permissions to any component based on its actual needs. That is the only thing that could be considered universally "safe".
If you want your Cloud Functions code to be as "safe" as possible, you should initialize the Firebase Admin SDK with a service account that has been granted only the specific permissions required to do whatever you need to do with the SDK. This means you're going to have to pass an AppOptions parameter to initializeApp with appropriate service account credentials.