Checks: Add support for scoped resources.

[liamcervante]

This PR adds support for scoped resources into the Terraform configuration language.

• It creates a new Container interface within the configs package.
• It embeds an optional container with the configs.Resource structure.
• It adds a new address as an argument to the static analysis flow, source.
• The static analysis will now validate that the container is accessible from the given source.

As of this PR, this new functionality is not used. As such all source references are set to nil, indicating they have only the default level of access and cannot access anything within a container.

In the longer term, only items that know they might need to access containerised resources will need to set the source argument which at the moment will only be the new Check blocks.

As nothing is using this functionality it was challenging to write tests within the existing frameworks. Unit tests for scoped resources are added later in the chain (liamcervante/checks/graph) when we have config and implementation that actually use the new functionality.

---

This PR is part of chain of PRs introducing the new Checks feature into Terraform for v1.5. The chain of PRs is as follows:

Branch	Description	Pull Request
liamcervante/checks/scoped	Add support for scoped resources.	#32732
liamcervante/checks/addr	Add Terraform addresses for new Check blocks.	#32733
liamcervante/checks/configs	Add config parsing new Check blocks.	#32734
liamcervante/checks/graph	WIP: Add nodes and transforms for processing new Check blocks.	#32735

I have created the chain to make reviewing the smaller contained part of the process easier. IF you want to view all the changes together in a single PR, navigate to the last PR in the chain and compare it to the main branch and you will see all changes from all prior PRs in a single place.

[jbardin]

The changes LGTM! Though I don't think I see any tests checking what happens when something is referenced from the incorrect scope.

[liamcervante]

The changes LGTM! Though I don't think I see any tests checking what happens when something is referenced from the incorrect scope.

Yeah, the way the existing tests are all configured is that they use real configuration to load and execute against, and we don't have anything right now that actually uses the scope to validate whether it's working or not working. The WIP graph PR further down the chain actually hooks everything up and includes tests for scoped/unscoped access etc.

[github-actions]

Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.