style: tofu fmt the two files my multi-env change reformatted

Whitespace-only. `tofu fmt` realigned two spots that my Phase A edits
shifted:
- app_roles/main.tf: the REASSIGN revocation-statement trailing comment
  re-aligned after the GRANT line gained ${local.owner_role}
- variables.tf: the applications object keys re-aligned after adding the
  longer `envs` key

The two pre-existing unformatted files (factory_auth.tf, terraform.tfvars)
are left as-is — they were already unformatted on origin/main and are
outside this PR's scope.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

hashicorp-vault/iac/modules/app_roles/main.tf

@@ -35,7 +35,7 @@ resource "vault_database_secret_backend_role" "role" {
     "GRANT ${local.owner_role} TO \"{{name}}\";",
   ]
   revocation_statements = [
-    "REASSIGN OWNED BY \"{{name}}\" TO ${local.owner_role};", # reassign must be executed in the database where the reassgined objects are - TODO (one connection per database/app)
+    "REASSIGN OWNED BY \"{{name}}\" TO ${local.owner_role};",       # reassign must be executed in the database where the reassgined objects are - TODO (one connection per database/app)
     "REVOKE ALL ON DATABASE ${local.database} FROM  \"{{name}}\";", # should we drop the role ? -> YES after fixing reassign
   ]
   renew_statements    = []

hashicorp-vault/iac/variables.tf

@@ -11,9 +11,9 @@ variable "POSTGRES_CREDENTIALS_EDITOR_PASSWORD" {
 }
 variable "applications" {
   type = set(object({
-    name     = string
-    policies = optional(list(string), [])
-    service_account_names = optional(list(string), [])
+    name                       = string
+    policies                   = optional(list(string), [])
+    service_account_names      = optional(list(string), [])
     service_account_namespaces = optional(list(string), [])
     # Multi-env extension: list of envs this app deploys to. Defaults to ["prod"] for
     # every existing app — backwards compatible by the elision rule. Non-prod envs