feat(specs): Add new security and device profile specs

[repl-dheeraj-v]

• Add data_filtering_security_profile spec with vsys and template locations
• Add decryption_profile spec (ssl-inbound-proxy element, correct field names)
• Add snmp_trap_profile spec with v2c/v3 variant support
• Add email_server_profile spec matching syslog profile structure
• Add administrator spec with correct permissions/role-based XML structure
• Fix pango error parser to surface raw Panorama response when msg is empty

Description

Adds five new codegen specs for Terraform provider resources that were missing from the v2 provider, plus a bug fix in the pango error handler.

New Resources

Resource	Suffix	Location
Data Filtering Security Profile	panos_data_filtering_security_profile	shared, vsys, device-group, template, template-stack
Decryption Profile	panos_decryption_profile	shared, vsys, device-group
SNMP Trap Server Profile	panos_snmp_trap_profile	panorama, vsys, template, template-stack
Email Server Profile	panos_email_server_profile	panorama, vsys, template, template-stack
Administrator	panos_administrator	panorama, template, template-stack

Bug Fix — pango error parser (assets/pango/errors/panos.go)

When Panorama returns an error response with an empty or unparseable <msg> element, errors.Parse() previously returned an empty string, causing Terraform to display "failed to create entry on the server: " with no detail. The fix falls back to embedding the raw XML response body in the error so the actual rejection reason is always visible without needing PANOS_LOG_LEVEL=DEBUG.

Motivation and Context

These resources exist in the v1 provider but were not yet available in v2. They are required to manage common PAN-OS security and device configurations via Terraform, including SSL/TLS decryption profiles, DLP data filtering, log forwarding via SNMP/email, and administrator account lifecycle.

Key implementation notes:

• Decryption profile: The SSL inbound inspection block uses the XML element ssl-inbound-proxy (not ssl-inbound-inspection as in older PAN-OS docs). Verified against PAN-OS 11.2.8 XML API.
• Administrator: Role assignment uses the permissions/role-based/<role>yes</role> XML structure, not a flat role element. The disabled field is not valid in this context and was excluded.
• Data filtering: Extended the existing partial spec to add vsys, template, template-vsys, template-stack, and template-stack-vsys locations for full NGFW and Panorama template support.

How Has This Been Tested?

• Codegen run successfully against all new specs (go run cmd/codegen/main.go)
• Generated provider tested against a live Panorama 11.2.8 instance:
  • panos_decryption_profile — forward proxy and inbound proxy profiles created at device-group scope
  • panos_administrator — superuser and superreader accounts created via template
• XML structure for each resource verified against reference Panorama config using show config running xpath ...

Types of Changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist

• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes if appropriate.
• All new and existing tests passed.

[repl-dheeraj-v]

@migara can you please review. The terraform provider was generated from this and was tested against our configuration