[Terraform] Update policy assignment to be opt-in

[glennmusa]

Benefit/Result/Outcome

So that policy assignment doesn't fail if it's not supported in my cloud.

Description

Today, policy assignment in the Terraform implementation is defaulted to true. This differs from our Bicep implementation where policy assignment is opt-in and defaulted to no policy '':

Terraform defaulted to true:

missionlz/src/terraform/mlz/variables.tf

Lines 296 to 300 in f0e588d

	variable "create_policy_assignment" {
	description = "Assign Policy to deployed resources?"
	type = bool
	default = true
	}

Bicep defaulted to none '':

missionlz/src/bicep/mlz.bicep

Lines 545 to 552 in f0e588d

	@allowed([
	'NIST'
	'IL5' // Gov cloud only, trying to deploy IL5 in AzureCloud will switch to NIST
	'CMMC'
	''
	])
	@description('Built-in policy assignments to assign, default is none. [NIST/IL5/CMMC] IL5 is only availalbe for GOV cloud and will switch to NIST if tried in AzureCloud.')
	param policy string = ''

Acceptance Criteria

• The Terraform implementation of MLZ has policy assignment as an opt-in option

[glennmusa]

+@shawngib +@jjansen23 for awareness and discussion

Happy to adjust this to just the opt-in behavior if we want further design on "per-cloud policy assignment in Terraform"

[jjansen23]

Let's ensure the instructions are updated here https://github.com/Azure/missionlz/blob/main/docs/policies.md#deploying-with-terraform