I will probably have to run cloud-init/ansible on the PVE host for this to work. I'd probably go with Ansible, but I would have liked for this to be possible directly through Terraform. I don't know if it's the developer of the provider who didn't include this.
With that said, we do have AppArmour support for VMs, which is a secure enclave too (if I understand correctly). Don't quite know if switching on and using both SGX and AppArmour would be a good choice - would you happen to know about this?