I came across a GCP project that has a IAM role assigned to a domain (domain:example.com).
What does that do?
It will give access to all users part of that domain. So in this situation anyone with a google account that ends in @example.com.
Not really sure what could be unclear about that in the first place. Maybe see https://cloud.google.com/iam/docs/principals-overview#g-suite-domain for which type of domains are supported by google?