Secret reference issue with ephemeral object #150

@sepulworld

Bug Summary: Infisical Terraform Provider Fails with Secret References

Issue Description

The Infisical Terraform provider's ephemeral block fails to retrieve secrets when the target environment uses variable references (like ${common.AWS_ACCESS_KEY_ID}) instead of direct secret values.

Steps to Reproduce

  1. Working Configuration:

    ephemeral "infisical_secret" "aws_access_key_id" {
      name         = "AWS_ACCESS_KEY_ID"
      env_slug     = "infra"
      workspace_id = data.infisical_projects.platform.id
      folder_path  = "/"
    }

    Where k8s-infra environment has AWS_ACCESS_KEY_ID set to a direct value (e.g., foobarkey...)

  2. Failing Configuration:
    Same Terraform code, but where k8s-infra environment has AWS_ACCESS_KEY_ID set to a variable reference (e.g., ${common.AWS_ACCESS_KEY_ID})

Infisical Project Structure

Project: test-project
├── Environment: common
│   └── AWS_ACCESS_KEY_ID: "foobarkey..." (direct value)
└── Environment: infra
    └── AWS_ACCESS_KEY_ID: "${common.AWS_ACCESS_KEY_ID}" (variable reference)

Expected Behavior

The ephemeral block should resolve the variable reference and retrieve the actual secret value from the referenced environment (common).

Actual Behavior

  • Error: InvalidClientTokenId: The security token included in the request is invalid
  • Root Cause: The provider retrieves the literal string ${common.AWS_ACCESS_KEY_ID} instead of resolving it to the actual AWS access key value

Workaround

Manually copy the secret value from the source environment (common) to the target environment (infra) instead of using variable references.

Environment Details

  • Provider: infisical/infisical version ~> 0.15
  • Terraform Version: >= 1.12
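
The expected behaviour described above, as an added Go example that is not from the issue author or the Infisical provider: it expands references of the `${environment.KEY}` form shown in the issue, rejects cycles and missing targets, and includes a guard that flags a value still containing a placeholder before it is handed to a client. The `Store` type, the function names and the sample values are assumptions constructed for illustration, and only the reference form that appears on this page is handled.

```go
package main

import (
	"fmt"
	"regexp"
)

// refPattern matches the ${environment.KEY} form shown in the issue (assumed grammar).
var refPattern = regexp.MustCompile(`\$\{([A-Za-z0-9_-]+)\.([A-Za-z0-9_]+)\}`)

// Store is a hypothetical in-memory view: environment slug -> secret name -> raw value.
type Store map[string]map[string]string

// HasUnresolvedRef reports whether a value still contains a reference placeholder.
func HasUnresolvedRef(v string) bool { return refPattern.MatchString(v) }

// Resolve expands every reference; errors name secrets but never include values.
func Resolve(s Store, env, key string) (string, error) { return resolve(s, env, key, map[string]bool{}) }

func resolve(s Store, env, key string, seen map[string]bool) (string, error) {
	id := env + "." + key
	if seen[id] {
		return "", fmt.Errorf("reference cycle at %s", id)
	}
	raw, ok := s[env][key]
	if !ok {
		return "", fmt.Errorf("secret %s not found", id)
	}
	seen[id] = true
	defer delete(seen, id) // allow the same secret to be referenced twice on separate paths
	var firstErr error
	out := refPattern.ReplaceAllStringFunc(raw, func(m string) string {
		p := refPattern.FindStringSubmatch(m)
		v, err := resolve(s, p[1], p[2], seen)
		if err != nil && firstErr == nil {
			firstErr = err
		}
		return v
	})
	if firstErr != nil {
		return "", firstErr // never return a partially expanded value
	}
	return out, nil
}

func main() {
	s := Store{"common": {"AWS_ACCESS_KEY_ID": "constructed-key-id"}, "infra": {"AWS_ACCESS_KEY_ID": "${common.AWS_ACCESS_KEY_ID}"}} // constructed sample
	v, err := Resolve(s, "infra", "AWS_ACCESS_KEY_ID")
	fmt.Println(HasUnresolvedRef(s["infra"]["AWS_ACCESS_KEY_ID"]), HasUnresolvedRef(v), err)
}
```

A consumer can call `HasUnresolvedRef` on whatever it receives and fail closed, so a literal placeholder surfaces as a clear configuration error instead of an `InvalidClientTokenId` from AWS.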
