
Add rotate_when_changed to tailnet key schema #221

Closed
wants to merge 1 commit into from

Conversation

omBratteng commented:

What this PR does / why we need it:
This adds a new field to the schema of tailscale_tailnet_key, which would allow one to use the time_rotating without depending on the lifecycle.

So you could do this to auto-rotate the key:

resource "time_rotating" "autorotator" {
  rotation_days = 60
}

resource "tailscale_tailnet_key" "tailscale_ingress" {
  reusable  = true
  ephemeral = true
  tags = [
    "tag:some-tag",
  ]
  rotate_when_changed = {
    rotator = time_rotating.autorotator.id
  }
}

Which issue this PR fixes (use fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged):

Fixes #144

Special notes for your reviewer:

@omBratteng omBratteng force-pushed the rotate-when-changed branch from aa99cef to 9d8eceb on May 16, 2023 20:48
knyar (Collaborator) commented Aug 17, 2023

Thanks for proposing this, and apologies that it took so long to review.

Seems a bit weird to add a bogus field just to trigger a recreation of the resource. Perhaps a viable alternative would be to add support for the Description field (recently added to the API library)? This will allow you to use the autorotator ID as part of the description text, re-creating the key when the ID changes.

omBratteng (Author) commented:

The solution is inspired by the azuread_application_password resource, where they also have the rotate_when_changed field. Ideally it would've been a built-in Terraform feature.

Kinda does feel a bit hacky to use the description field to trigger a rotation, and would be dependent on the user to add a rotation ID to the description field. Personally I would prefer a dedicated field for it.

knyar (Collaborator) commented Aug 31, 2023

Yeah, I agree that this seems like something that Terraform should natively support. Adding a separate field that does not impact resource configuration at all does not seem like a good long term solution, since if/when Terraform does provide first-class support for this, that field would no longer be helpful at all. With this in mind, I'd prefer using an existing field as a work-around.

Key description support has been added in #277, so I'd recommend using that.
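The description-based workaround recommended above, written out as an added example (it is not code from this PR or from the provider repository). It assumes the `description` attribute added in #277 and the `time_rotating` resource from the hashicorp/time provider; the label text inside the description is a constructed format, not a provider convention.

```hcl
# Added example: rotate a reusable, ephemeral auth key on a schedule without
# a dedicated rotate_when_changed field. The time_rotating resource gets a new
# ID every rotation_days; embedding that ID in the key's description changes
# the key configuration, so Terraform plans a replacement and a fresh key is
# issued (as described in the thread: description changes re-create the key).
resource "time_rotating" "autorotator" {
  rotation_days = 60
}

resource "tailscale_tailnet_key" "tailscale_ingress" {
  reusable  = true
  ephemeral = true
  tags = [
    "tag:some-tag",
  ]

  # Constructed label format: a human-readable purpose plus the rotator ID.
  # Only the ID part changes between rotations; the rest is just for operators
  # reading the key list in the admin console.
  description = "ingress key, rotation ${time_rotating.autorotator.id}"
}
```

Because the old key is destroyed when the new one is created, anything consuming `tailscale_tailnet_key.tailscale_ingress.key` (for example, a secret handed to a node at join time) should reference the resource attribute rather than a copied literal, so it picks up the replacement on the same apply.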

@knyar knyar closed this Aug 31, 2023
@omBratteng omBratteng deleted the rotate-when-changed branch August 31, 2023 09:26
Linked issue that merging this pull request may close:

The tailscale_tailnet_key resource should handle expired keys