Add init-time policy evaluation

[dsa0x]

This is part of a stacked series to upstream the policy work in smaller, reviewable pieces:

• [Add policy client and protocol plumbing #38514]
• [Add policy result types and diagnostic metadata plumbing #38515]
• [Wire policy evaluation into Terraform core runtime #38516]
• [Add CLI and backend policy wiring for plan apply and query #38518]
• [Add init-time policy evaluation #38519] (this)

This PR adds policy evaluation during terraform init. That includes evaluating policy during module installation and provider installation, wiring the init flow through the policy client, and adding the init-specific view/test support needed to surface policy outcomes correctly in that stage of execution.

Contrary to the plan/apply workflow, policy failures during init would result in a non-zero exit of the terraform command.

Included here

• init-time module policy evaluation
• init-time provider installation policy evaluation
• initwd hook changes needed to support policy checks during module installation
• init command wiring
• init-specific view support for policy results
• init-specific tests

Target Release

1.16.x

Rollback Plan

• If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

• This change is user-facing and I added a changelog entry.
• This change is not user-facing.

[github-actions]

Changelog Warning

Currently this PR would target a v1.16 release. Please add a changelog entry for in the .changes/v1.16 folder, or discuss which release you'd like to target with your reviewer. If you believe this change does not need a changelog entry, please add the 'no-changelog-needed' label.