Terraform pipeline UX: single job to apply TF specs

[gberche-orange]

Currently, to guard against errors when applying terraform config on sensitive providers (e.g openstack or CF), the TF specs are only applied after a manual invocation of the "cf-manual-approval" job, which then flows to the "enforce-terraform-cf-consistency" job.

The current UX is 3 fold:

• manually trigger check-cf-consistency, checking dependent resources where proper updated, and check the terraform plan output.
• manually trigger cf-manual-approval and check it output.
• wait for the enforce-terraform-cf-consistency job to self trigger, and verify its successful completion

This creates the following UX problems:

• navigating across 3 distinct jobs is time consumming
• enforce-terraform-cf-consistency job can misleading be directly invoked by impatient contributors, unexpectedly applying old version of the terraform specs.

Suggested changes:

• merge cf-manual-approval and enforce-terraform-cf-consistency jobs into a single approve-and-enforce-terraform-cf-consistency
• potentially introduce a new reenforce-current-terraform-cf-consistency to trigger reapplication of the "terraform-plan" on previous version of paas-template resource and paas-secret