We export the missing input variables to the context as null values. The following HCL expression ${var.foo} test referring to an unspecified input variable results in cty.Value with an empty string. This leads to false positives when comparing with the empty string. To avoid this, we need to export the missing values as unknown values. Then the result of the expression will also be unknown, which Rego interprets as an unresolvable value and does not cause false positives.

Discussed in #8660