I post this community wiki answer to make the solution provided in the comment section more visible. Feel free to edit or expand.
As it was suggested by @Joachim Isaksson in the comment section, you should use the command gcloud projects add-iam-policy-binding:
Adds a policy binding to the IAM policy of a project, given a project ID and the binding. One binding consists of a member, a role, and an optional condition.
To add an IAM policy binding for the role of 'roles/editor' for the user 'email@example.com' on a project with identifier 'example-project-id-1', run:
gcloud projects add-iam-policy-binding example-project-id-1 --member='user:firstname.lastname@example.org' --role='roles/editor'
More information you can find in the documentation.
In addition, please have a look at the document Understanding policies.
A principal, also known as a member or identity, which can be a user account, service account, Google group, or domain.
So, the principal should exist, but you can use already existing accounts like Google Account or Google Workspace account.