test: Enable mocking http provider sources in tests

[SarahFrench]

This is part of breaking #38205 into smaller PRs.

This PR includes work to enable tests where Terraform is led to believe it's downloading a provider via HTTP. This is necessary in the linked PR because we want Terraform to behave differently based on where a provider is downloaded from.

Context:

The helper newMockProviderSource is used when Terraform's provider installation logic is under test. The provider source is used by Terraform when 'installing' providers during init, but testingOverrides needs to be set in the Meta for a provider to be used, i.e. for a provider factory to be obtainable by calling code.

The existing newMockProviderSource helper always makes Terraform believe the provider is downloaded from a local archive (see this line in the helper, and then this line from the invoked function).

In this PR I have updated the getproviders.MockSource mock to be able to mock download via HTTP, by allowing a mock source to use a paired test HTTP server.

The HTTP server needs to:

• Enable TLS
• Have a handler for the correct path for a given provider that returns data matching checksums for that provider.
  • Note that the data is not used beyond comparison to a checksum; testingOverrides is still what's used when launching a provider child process, as noted above.

To enable TLS in the tests I've made changes (improved via pairing with @dsa0x, thnx!) to how the HTTP client is obtained in the installFromHTTPURL function. Before the client was always generated there using httpclient.New(), but now the provider source can supply its own client for use instead of httpclient.New().

Target Release

N/A

Rollback Plan

• If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

• This change is user-facing and I added a changelog entry.
• This change is not user-facing.

[SarahFrench]

These changes are necessary to enable TLS using the self-signed cert from the httptest.Server made in the test setup. The client needs to be configured with InsecureSkipVerify set to true so that the self-signed cert doesn't cause issues, and we want to supply that cert in a test-specific way.

Only the mock provider source implements the ClientReturningSource interface, so only mock provider sources will lead to this method receiving a non-nil client. For end users of Terraform the incoming *http.Client value will always be nil, so the client will be created in the original and secure way here in this function.

[SarahFrench]

This test is here to illustrate using the new helpers. My plan is to delete it in a subsequent PR that makes use of the new helpers while implementing new features.

I'm happy to remove them in this PR before merging, once they're no longer needed for reference by the reviewer.

[mildwonkey]

I've left a bunch of nitpicky comments, and I feel at least somewhat strongly that ClientReturningSource should have Test or Mock or Fake in the name since it's showing up in "production" codepaths, but definitely nothing in here I'd block you over!