Allow resource provider to automatically set protect Resource option

[t0yv0]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Certain resources like rds.Instance are known by the provider to be special: they are stateful and incorrect handling of deletes or replaces could cause data loss in an improperly configured system. Currently providers have ad-hoc mechanisms such as forceDelete (see pulumi/pulumi-aws#3807) to encode this knowledge, but Pulumi is not aware of these and the experience is suboptimal and confusing. It would be great if providers could tap into a Pulumi-supported mechanism for this such as the https://www.pulumi.com/docs/concepts/options/protect/ option, for example by having an "auto protect" mode that automatically starts off stateful resources as protected.

Affected area/feature

[Frassle]

for example by having an "auto protect" mode that automatically starts off stateful resources as protected.

I think if we could update "protect" in the state file and grpc layer to be a ti-state (true/false/not-set) this would be pretty easy.
By default everything would be 'not-set', treated the same as "false" for handling deletes. But a provider could return "protect by default" flag from Create at which point state would be updated to be "true" unless the program had explicitly said "false".
If state is then fixed to "true" from a default protect and the user hasn't set Protect in their program we then get a registration of "not-set" and so leave protect as true. That keeps going till the user either runs unprotect or explicitly sets Protect=false in their program.

In fact not even sure the tri-state in state is needed for this, probably just for the resource registration.