Lock Down Values in Pulumi ESC with fn::final
Blog post from Pulumi
Pulumi ESC (Environments, Secrets, and Configuration) lets you compose environments by importing configuration and secrets from other environments. Because a child environment can override what it imports, it can inadvertently override important settings such as security policies. To address this, Pulumi has introduced the fn::final function, which marks a value as final so that it cannot be overridden unintentionally. If a child environment attempts to change a final value, ESC issues a warning and retains the original setting, ensuring consistency and security. This feature is particularly useful for protecting security-sensitive values, compliance settings, and configuration that must stay consistent across shared base environments. fn::final is currently available in all Pulumi ESC environments, and the documentation has further details.
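The override scenario described above, as an added example that is not taken from the original Pulumi post. The environment names (shared/base-security, shared/team-app) and the keys are hypothetical; only fn::final and the warn-and-retain behaviour come from the page.

```yaml
# --- Environment: shared/base-security (hypothetical base environment) ---
# Values wrapped in fn::final are locked for every environment that imports
# this one. Values without it remain ordinary, overridable defaults.
values:
  tls-min-version:
    fn::final: "1.2"        # security policy: locked
  audit-logging:
    fn::final: enabled      # compliance setting: locked
  log-level: info           # plain default: children may change it

# --- Environment: shared/team-app (hypothetical child environment) ---
# Written as a comment block because it is a separate environment document.
#
# imports:
#   - shared/base-security
# values:
#   tls-min-version: "1.0"  # attempt to weaken a final value
#   log-level: debug        # override of a non-final value
#
# Result when shared/team-app is evaluated, per the behaviour the page
# describes:
#   tls-min-version  stays "1.2"; ESC issues a warning about the
#                    attempted override and keeps the base value
#   audit-logging    stays enabled (the child never touched it)
#   log-level        becomes debug (not final, so the child wins)
```

When reviewing a shared base environment, any security or compliance value that is not wrapped in fn::final should be read as something an importing environment is able to change.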