feat: add github_enterprise_private_repository_forking_setting resource

[andrewesweet]

Resolves #3363
Relates to #2851, #1844

---

Before the change?

• No way to manage the enterprise-level private repository forking policy via Terraform.
• The forking destination policy (where members can fork to) is only configurable through the GitHub UI or raw GraphQL mutations.

After the change?

• New resource github_enterprise_private_repository_forking_setting that manages the enterprise-wide fork policy via the updateEnterpriseAllowPrivateRepositoryForkingSetting GraphQL mutation.
• Supports setting (ENABLED, DISABLED, NO_POLICY) and policy (6 destination options including ENTERPRISE_ORGANIZATIONS_USER_ACCOUNTS for EMU environments).
• Includes CustomizeDiff validation, import support, and full acceptance test suite (8 tests all passing).
• Destroying the resource resets to NO_POLICY, returning control to individual organizations.

Example usage

resource "github_enterprise_private_repository_forking_setting" "example" {
  enterprise_slug = "my-enterprise"
  setting         = "ENABLED"
  policy          = "ENTERPRISE_ORGANIZATIONS_USER_ACCOUNTS"
}

Pull request checklist

• Schema migrations have been created if needed
• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

• Yes
• No

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[andrewesweet]

Design note: schema shape

I considered collapsing setting and policy into a single attribute (with values DISABLED, NO_POLICY, SAME_ORGANIZATION, ENTERPRISE_ORGANIZATIONS_USER_ACCOUNTS, etc.) for a simpler user experience. However, the existing enterprise resources in this provider consistently map to the underlying API shape rather than presenting a facade over it — see github_enterprise_actions_permissions (enabled_organizations + allowed_actions) and github_enterprise_actions_workflow_permissions (default_workflow_permissions + can_approve_pull_request_reviews) for examples. I followed that convention here, keeping setting and policy as separate attributes to match the GraphQL mutation's settingValue and policyValue input fields.

I dropped the _value suffix from both attribute names — the API field names are settingValue/policyValue but the suffix is redundant in the Terraform schema context, and existing resources already rename API fields freely (e.g. MembersCanForkPrivateRepos → members_can_fork_private_repositories).