feat(terraform): introduce Phala Cloud Terraform provider (app-first beta)

[h4x3rotab]

Summary

• add new terraform module (Go, plugin-framework)
• add core resources: phala_app, phala_cvm, phala_cvm_power, phala_ssh_key
• add core data sources: account/workspace/sizes/regions/images
• add typed+fallback API client wiring and generated OpenAPI client
• add smoke examples and Makefile targets for local/e2e flow
• add provider CI/release workflows

App-first behavior included

• phala_app models shared compose/env + replica count under one app id
• supports scaling replicas and wiring app outputs into another app env in examples
• supports per-deployment SSH authorized keys on create
• supports encrypted env workflows (auto and manual modes)

Tested

• go test ./... in terraform
• real workspace apply/destroy smoke flows
• replica scale up/down in real environment
• env update + cross-app reference wiring

Known limitations / follow-up

• compose update may hit long backend operation locks (409 another operation in progress) and can require retries/wait windows; needs operation-aware convergence hardening before non-beta release
• some eventual consistency in post-update reads still requires careful handling

Notes

• local sensitive artifacts are ignored via terraform/.gitignore (.env*, dist/, smoke tfstate*)