ui - add tf icons to tf-managed roles, services, policies; show zms-cli command.

[ArtjomsPorss]

Description

Terraform icons in Athenz UI

This is a change to Athenz UI where for TF-owned roles, services, policies a TF icon will is displayed.
The icon is shown in these places:

Location	When the icon appears
Roles (domain role list)	Role metadata is owned (objectOwner or metaOwner)
Role members (add-member dialog title and role header)	Role membership is owned (membersOwner) — not on individual member rows
Policies (domain policy list and role policy tab)	Policy object or assertions are owned (objectOwner or assertionsOwner)
Services (service list and service header)	Service object is owned (objectOwner)

Athenz UI provides zms-cli command to use

If you try to change a Terraform-managed resource through the UI (delete role, add/remove member, edit role settings, add/delete policy assertion, delete service, delete public key, and similar), the operation fails with a warning instead of applying the change. The dialog then shows a copy-ready zms-cli command that can perform the same action while bypassing resource-owner enforcement.

When ownership blocks the action, the UI generates a command appropriate to what you attempted, including (non-exhaustive):

UI action	Typical zms-cli subcommand
Delete role	delete-role
Update role settings (description, review flags, etc.)	set-role-description, set-role-member-expiry, or related set-role-*
Add / remove role member	add-member, add-temporary-member, or delete-member
Delete policy	delete-policy
Add / delete policy assertion (policy or role-policy tab)	add-assertion / delete-assertion
Delete service	delete-service
Add / Delete service public key	add-public-key / delete-public-key

Recommended Workflow for the users

1. Identify managed resources via the Terraform icon before editing.
2. Change ownership, membership, policies, and services in Terraform; plan and apply through your standard process.
3. Avoid UI or zms-cli -r ignore except for documented emergencies.
4. Reconcile after any emergency CLI use by updating Terraform code/state and applying so Athenz and Terraform match again.

Screenshots

Icon beside TF-owned roles. Same icon beside TF-owned services and policies:

Icon beside TF-owned role name, when viewing specific role / Service:

When attempting to make change to TF-owner resources, a corresponding zms-cli command is generated and presented to the user with a warning:

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive system for identifying and managing Terraform-owned resources within the Athenz UI. It adds visual indicators (Terraform icons) to roles, policies, and services, and provides users with copyable zms-cli command suggestions when UI-based modifications are blocked by resource ownership. The implementation includes new utility modules for ownership detection and CLI command formatting, along with extensive updates to component headers and action modals. Feedback focuses on improving the robustness of the generated CLI commands—specifically regarding proper shell quoting and subcommand accuracy—and ensuring better lifecycle management for the clipboard copy functionality.