You misunderstand the mechanism - the Google Analytics script gets keywords etc from the referring url (the click url in the search engine resulte page contains a lot of info like keyword and position of the search result in the serp).
The analytics script extracts the information from the referrer and (apart from sending it to google) stores it in a cookie (actually the new universal analytics does not do this anymore). But this happens on you own domain.
Google Analytics can set first party cookies for you domain because by embedding their javascript code in your website you have basically handed them the key to the city - Google can write and read cookies, they can - and do - load other scripts, they could steal sessions, deface your site etc. Not that Google has ever done that, but if you're out for world dominantion you should start by hacking the servers that deliver the analytics javascript code.
However Google cannot set a first party cookie from a google domain, and they do not need to. It's all in the referring url.