Refactor sensitive manifest handling in Terraform module
This pull request introduces a new feature that filters sensitive manifests based on their group_kind. The changes include:
- Creating a local map `sensitive_manifests` by iterating over the data source manifests and including only those whose `group_kind` is in the `sensitive_group_kinds` list.
- Updating the `kustomization_resource` resources to use the `sensitive_manifests` map, falling back to the original manifests if not found in the sensitive map.
Additionally, this change ensures compatibility with Terraform version 1.10.0 and above, where all marks are passed through conditional expressions as per the HCL commit.
This enhancement improves the security and management of manifests by appropriately marking and handling sensitive manifests.
Thank you for your feedback. The main reason behind this pull request is to address a compatibility issue introduced in Terraform version 1.10.0 and above concerning how marks are handled in conditional expressions. Specifically, in the current implementation, an expression like `false ? sensitive(var.example) : var.example` ends up marking `var.example` as sensitive regardless of the condition's outcome. This is because Terraform evaluates both the true and false branches under the hood, causing unintended sensitive marking.
The proposed change mitigates this by preemptively filtering and appropriately marking the sensitive manifests. This ensures that only the relevant manifests are marked as sensitive, avoiding the overhead of Terraform's conditional handling of marks in later versions. Although this approach introduces an additional iteration over all manifests, it is necessary to ensure correct behavior with newer versions of Terraform and maintain the security posture by handling sensitive data appropriately.
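The conditional that over-marks on Terraform 1.10+ and the filter-first layout described in the PR, shown side by side as an added example that is not the PR's own code. The `kustomization_build` data source, the `group/Kind/namespace/name` id layout used to derive `group_kind`, and the `lookup()` fallback are assumptions.

```hcl
# Added illustration, not the module's real code. Assumptions: the data source is
# kustomization_build, its ids look like "group/Kind/namespace/name", and the
# fallback to the unmarked manifest is done with lookup().

variable "sensitive_group_kinds" {
  type    = list(string)
  default = ["_/Secret"] # assumed: core group is written as "_"
}

locals {
  # Assumption: group_kind is the "group/Kind" prefix of the manifest id.
  group_kind = {
    for id in data.kustomization_build.this.ids :
    id => join("/", slice(split("/", id), 0, 2))
  }

  # BEFORE: on Terraform >= 1.10 both branches contribute their marks, so
  # every manifest comes out sensitive even when the condition is false.
  manifests_before = {
    for id, m in data.kustomization_build.this.manifests :
    id => contains(var.sensitive_group_kinds, local.group_kind[id]) ? sensitive(m) : m
  }

  # AFTER: filter first with an `if` clause, then mark only the selected
  # values. No conditional expression ever touches a sensitive value.
  sensitive_manifests = {
    for id, m in data.kustomization_build.this.manifests :
    id => sensitive(m)
    if contains(var.sensitive_group_kinds, local.group_kind[id])
  }
}

resource "kustomization_resource" "this" {
  for_each = data.kustomization_build.this.ids

  # Sensitive manifests keep their own mark; ids not in the sensitive map fall
  # back to the original, unmarked manifest (assumed lookup() semantics).
  manifest = lookup(
    local.sensitive_manifests,
    each.value,
    data.kustomization_build.this.manifests[each.value],
  )
}
```

`manifests_before` is kept only to show the failure mode; in a real module it would be removed so the unintended marks never reach state or plan output.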