ACCT-4178: Add raw permissions struct to provider

[ianmobbs]

At the moment, there is an issue with API Token permission groups. When fetching permission groups, there are 5 or 6 groups that can be either account-scoped or zone-scoped. Each of these permission groups results in two objects in the permission group response with the same name but different scopes - for example (pseudocode):

[
    {
        "name": "Permission Group 1",
        "scope": "com.cloudflare.api.account"
    },
    {
        "name": "Permission Group 1",
        "scope": "com.cloudflare.api.zone"
    }
]

As we're indexing by name only when calling d.Set, this can cause the ID for Permission Group 1 (account scope) to be overridden with the ID for Permission Group 1 (zone scope).

The resolution here is to index by name AND scope. To achieve this, we are adding a new zone, account and user attributes that contain only those for the resource level as opposed to all together. This still allows the ability of building any permission policy you need, but with explicit resource levels as part of the reference.

Closes #1004

[github-actions]

changelog detected ✅

[github-actions]

Marking this pull request as stale due to 14 days of inactivity. This helps our maintainers find and focus on the active pull requests. If this pull request receives no comments in the next 7 days it will automatically be closed. Maintainers can also remove the lifecycle/stale label.
If this pull request was automatically closed and you feel this pull request should be reopened, we encourage creating a new pull request linking back to this one for added context. Thank you!

[github-actions]

This functionality has been released in v3.29.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!