(Phase 0) WIP: v4->v5 zero_trust_access_application

[SirCortly]

This is a fairly large, complex migration. Migration is mostly complete, the main thing left is fixing up a few patterns of drift in the e2e tests.

If you revert 9ccbb50, all tests are passing. This commit is WIP to resolve V4 empty value defaults to V5 null value default transformations. The integration tests are currently failing and need further investigation. My hunch is that either 1) The config context is not being passed into the state transformations during the integration test or 2) There is an issue with the deeply nested structures in this integration affecting the default value transformations

Including the default value drift described above, the following drift remains:

1. http_only_cookie_attribute Drift (19 resources)                                                                                                        
  - v4 behavior: Sets value to null (removed from state)                                                                                                    
  - v5 behavior: Changes from false → true                                                                                                                  
  - Impact: All self-hosted and SSH apps show this drift                                                                                                    
  - Why: v4 provider appears to remove this attribute when not explicitly set, but v5 expects it to be true by default                                      
                                                                                                                                                            
  2. Empty/Default Value Removal (all resources)                                                                                                            
  - Fields being removed (set to null) when they have empty/default values:                                                                                 
    - allowed_idps = []                                                                                                                                     
    - auto_redirect_to_identity = false                                                                                                                     
    - enable_binding_cookie = false                                                                                                                         
    - options_preflight_bypass = false                                                                                                                      
    - service_auth_401_redirect = false                                                                                                                     
    - skip_interstitial = false                                                                                                                             
    - tags = []                                                                                                                                             
                                                                                                                                                            
  3. SAAS App-specific Issues:                                                                                                                              
  - saas_oidc: scopes array order changed from ["openid", "profile", "email"] to ["openid", "email", "profile"]                                             
  - custom_claims: Empty name_by_idp = {} being removed (set to null)