Prevent automatic backend migration during terraform init

[jbardin]

When terraform detects a change in the stored backend configuration, it will always attempt to setup a state migration. This often presents a problem for users when the stored configuration is no longer valid in some way, usually due to changes in authentication or accidental misconfiguration. The failure mode here can be quite confusing, as the error may show "Access Denied" or similar for what the user intends to be the current backend, though it is originating from the stored configuration.

Since init is a required part of the workflow, the majority of time that init is executed, migration is not expected. In the cases where it is desired, the user should already be aware of the change because there was a change in the configuration. This would also match the behavior of running terraform in a clean environment every time, as it usually is in automation.

See #18011 for more background.

This PR adds an init -migrate-state flag to indicate automatic state migration is desired. This flag will be implied by the -force-copy flag, since that would indicate state migration is expected. If init now encounters a change to the stored backend configuration, it will always return an error when neither -reconfigure or -migrate-state is supplied. This would not apply to the first time a backend is configured, as there would be no stored configuration to compare, preventing any change in the usual remote state onboarding process.

We can also improve the init error output here, and replace some of the legacy output strings with diagnostics, removing the "Please see the error message above" errors, which are referring to error output written to stdout. Being able to catch the unexpected change in backend configuration and return an error allows us to now present the user with instructions about how to accept the configuration changes, either through migration of reconfiguration.

│ Error: Backend initialization required, please run "terraform init"
│
│ Reason: Backend configuration changed for "s3"
│
│ The "backend" is the interface that Terraform uses to store state,
│ perform operations, etc. If this message is showing up, it means that the
│ Terraform configuration you're using is using a custom configuration for
│ the Terraform backend.
│
│ Changes to backend configurations require reinitialization. This allows
│ Terraform to set up the new configuration, copy existing state, etc. Please run
│ "terraform init" with either the "-reconfigure" or "-migrate-state" flags to
│ use the current configuration.
│
│ If the change reason above is incorrect, please verify your configuration
│ hasn't changed and try again. At this point, no changes to your existing
│ configuration or state have been made.

Running init without either of those flags will show

│ Error: Backend configuration changed
│
│ A change in the backend configuration has been detected, which may require migrating existing state.
│
│ If you wish to attempt automatic migration of the state, use "terraform init -migrate-state".
│ If you wish to store the current configuration with no changes to the state, use "terraform init -reconfigure".

[alisdair]

This looks good to me! The UI changes feel right in local testing. I think I spotted a helper function we can 🔪

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.