CENG-627: Allow API Key rotation for service accounts

[BartoszBlizniak]

API Key Rotation Support:

• Added a new rotate_api_key argument to the cloudsmith_service resource schema, allowing users to trigger a service API key rotation by changing its value. The field is optional and accepts an arbitrary string.
• Updated the resource update logic to detect changes to the rotate_api_key field and, when set to a non-empty value, call the Cloudsmith API to rotate the service account's API key. The new key is stored in state if store_api_key is true, otherwise it is redacted.

Local Testing Performed:

• This works correctly when running alongside "store_api_key" = false/true
• The API key will not be rotated when the argument is removed from the resource

[Copilot]

Pull request overview

This PR adds API key rotation functionality to the cloudsmith_service resource, allowing users to trigger key rotation for service accounts without recreating the resource. The implementation introduces a new rotate_api_key field that acts as a trigger mechanism - changing its value to a non-empty string will cause the service account's API key to be rotated via the Cloudsmith API.

Key changes:

• Added rotate_api_key schema field that accepts arbitrary strings to trigger rotations
• Implemented rotation logic in the update handler that calls the OrgsServicesRefresh API endpoint
• Added comprehensive tests including a dedicated rotation test and integration with existing tests

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
docs/resources/service.md	Documents the new rotate_api_key argument with usage examples
cloudsmith/resource_service.go	Implements the rotation logic in the update handler and adds the schema field
cloudsmith/resource_service_test.go	Adds rotation test cases and updates import verification to ignore the new field

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.