Improve LDAP password management

[adambarreiro]

Before the changes implemented in this PR, users were forced to include a block in their vcfa_provider_ldap or vcfa_org_ldap definitions:

lifecycle {
    ignore_changes = [password]
}

With these changes, this requirement is no more. The idea is to save the LDAP password as the user provides it on create/update, ignoring the backend in this case (which never returns it). On reads, we just recover the value from state.

If the password is changed, the mechanism works exactly the same, so it detects password changes as normal.

Acceptance tests:

go test -tags functional -run '^TestAcc.*Ldap' -v -timeout 0

Manual checks:

• Create vcfa_provider_ldap and vcfa_org_ldap HCL blocks. Apply as usual without any lifecycle meta-argument.
• Run terraform plan. No updates-in-place should be reported.
• Update the password to a dumb one that does not work. It should report the update-in-place and apply.
• In UI, try to Sync ("Sync" button). Task should fail.
• Try to revert back to correct password. It should report the update-in-place and apply.
• In UI, try to Sync ("Sync" button). Task should finish OK.
• Destroy

[lvirbalas]

Thank you! Tried and can confirm that I'm NOT getting that action anymore:

 # vcfa_org_ldap.my-org-ldap will be updated in-place
  ~ resource "vcfa_org_ldap" "my-org-ldap" {
        id                     = "urn:vcloud:org:ab8f618c-2f8f-4424-9c13-7db2a9051304"
        # (4 unchanged attributes hidden)

      ~ custom_settings {
          + password                = (sensitive value)
            # (7 unchanged attributes hidden)

            # (2 unchanged blocks hidden)
        }
    }

[Didainius]

Great improvement!