This PR adds the -allow-deferral flag to Terraform Test, essentially enabling deferrals during Terraform Test executions.

My test case exposed an edge case in the Terraform evaluation context, which I've fixed in this PR. Previously, if a resource was being created for the first time (so is not already in state) and was deferred the evaluation context was actually entering the rs == nil branch of the evaluation process, because deferred resources are not added to the internal state as they are built. This was then triggering the error branch and returning a cty.DynamicVal. We weren't picking this up previously, and this is actually a valid value to be returned for a deferred resource but the test case I wrote was validating the returned object and detecting that it was unknown.

I've refactored so it checks the deferred resources first, before consulting the state. Now, if the state doesn't have any values, it still uses the values from the deferred set of resources instead of just giving up.

Target Release

Same as whatever release the rest of deferred actions will go out in

Rollback Plan

• If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

Deferred actions in general hasn't been released yet, and is still protected behind an experiment. We don't need a CHANGELOG entry.