Add ability to set a masking policy on a tag

[wesleyhillyext]

Snowflake now has the ability to set a masking policy on a tag object. See Tag-based Masking Policies.

For maximum flexibility given the variety of management styles Snowflake supports for tags and masking policies, this could take the form of a new snowflake_tag_masking_policy_attachment resource. Another benefit of that approach is it neatly resolves an issue arising from this pair of rules from the documentation:

• A tag cannot be dropped if it is assigned to a masking policy.
• A masking policy cannot be dropped if it is assigned to a tag.

Having a separate attachment resource which depends on both the tag and masking policy objects means that terraform will destroy the attachment before destroying the tag or masking policy.

The structure of the resource would be something like:

resource "snowflake_tag_masking_policy_attachment" "test" {
    tag_database = "test_db"
    tag_schema = "test_schema"
    tag_name = "tag_name"

    masking_policy_database = "test_db"
    masking_policy_schema = "test_schema"
    masking_policy_name = "policy_name"
}