Validate result from UpgradeResourceIdentity matches current schema #1488

@ansgarm

Currently there are no safe-guards when resource identity upgrade functions are called. This mirrors the existing design for state upgrade functions that have the exact same problem.

This means that an erroneous implementation in the provider can lead to parts of the identity being accidentally set as null values if no new value is set (i.e. if the new identity version has new fields). This happens because Terraform doesn't validate the identity against its schema anymore.

We could add some validation to the upgradeJSONIdentity function

```go
func (s *GRPCProviderServer) upgradeJSONIdentity(ctx context.Context, version int64, m map[string]interface{}, res *Resource) (map[string]interface{}, error) {
	var err error
	for _, upgrader := range res.Identity.IdentityUpgraders {
		if version != upgrader.Version {
			continue
		}
		m, err = upgrader.Upgrade(ctx, m, s.provider.Meta())
		if err != nil {
			return nil, err
		}
		version++
	}
	return m, nil
}
```
to show an error instead. This error would then tell the user that this is a bug in the provider and should be reported to its maintainer.
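A sketch of the validation proposed above, as an added example that is not the SDK's code: it runs the same upgrader loop and then rejects a result that leaves a required identity attribute null or carries an attribute the schema does not define. The `attr` and `upgrader` types, the `Required` field and the sample attribute names are hypothetical stand-ins for the SDK's own types.

```go
package main

import ("fmt"; "sort"; "strings")

// Hypothetical, simplified stand-ins for the SDK's identity schema and upgrader types.
type attr struct{ Required bool }
type upgrader struct {
	Version int64
	Upgrade func(map[string]interface{}) (map[string]interface{}, error)
}

// upgradeAndValidate runs the upgrader loop, then checks the result against the current schema.
func upgradeAndValidate(version int64, m map[string]interface{}, ups []upgrader, schema map[string]attr) (map[string]interface{}, error) {
	var err error
	for _, u := range ups {
		if version != u.Version {
			continue
		}
		if m, err = u.Upgrade(m); err != nil {
			return nil, err
		}
		version++
	}
	var problems []string
	for name, a := range schema {
		if v, ok := m[name]; a.Required && (!ok || v == nil) {
			problems = append(problems, fmt.Sprintf("required attribute %q is null or missing", name))
		}
	}
	for name := range m {
		if _, ok := schema[name]; !ok {
			problems = append(problems, fmt.Sprintf("attribute %q is not in the schema", name))
		}
	}
	if len(problems) > 0 {
		sort.Strings(problems) // map iteration order is random; keep the message stable
		return nil, fmt.Errorf("identity upgrade result does not match the current identity schema (%s); this is a bug in the provider, please report it to its maintainer", strings.Join(problems, "; "))
	}
	return m, nil
}

func main() {
	// Constructed sample: the new schema adds a required "region" that the upgrader forgets to set.
	schema := map[string]attr{"id": {Required: true}, "region": {Required: true}}
	buggy := []upgrader{{Version: 0, Upgrade: func(m map[string]interface{}) (map[string]interface{}, error) { return m, nil }}}
	_, err := upgradeAndValidate(0, map[string]interface{}{"id": "abc"}, buggy, schema)
	fmt.Println(err)
}
```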

Labels: enhancement
