Implements https://developer.hashicorp.com/terraform/language/files/override semantics (override.tf, *_override.tf) by merging override content into primary .tf files before Trivy evaluation.

Block merging

• Override attributes replace primary attributes; override child blocks replace all primary blocks of the same type - matching Terraform's behavior
• "locals" blocks are merged at the individual attribute level across all primary files, matching Terraform's per-attribute semantics
• Empty inline blocks (e.g. variable "x" {}) are handled correctly during merging by forcing multi-line formatting before attribute insertion

Safety checks

• Duplicate primary blocks (e.g. two data "coder_parameter" "foo") are detected before merging and abort with a diagnostic, so downstream checks (preview's parameter validation, Terraform init/plan) see the unmodified duplicates
• "locals" and "terraform" blocks are exempt from duplicate detection - multiple instances are valid in Terraform
• New locals not present in any primary file produce an error diagnostic
• .tf.json override files are skipped with a warning (not supported)
• All override errors cause the original FS to be returned unchanged

How it works

1. mergeOverrides walks the filesystem, separating primary and override files per directory
2. Override files are processed sequentially (lexicographic order), each merging into the already-merged primary using hclwrite
3. The resulting overrideFS serves merged primary files and hides override files, so Trivy sees clean, post-merge HCL
4. No-op when no override files are present or when errors are encountered - the original FS is used unchanged, errors are surfaced as warning diagnostics

Related to: coder/coder#21991