What I understand from this is that when creating your azurerm_container_app you want to populate a value in an env block in that resource with the value of the custom_domain_verification_id which itself is an attribute that is exported by the azurerm_container_app (And not known until apply time)
Unfortunately you are not going to be able to achieve this, with this approach. You can’t populate the resource with something that is unknown until the resource is deployed (Hence the cyclic dependency).
If you really need the asuid to be populated into the environment block in the resource that generated the ausid then the following approach may work in your module (I have done similar in the past with success for other app services resources)
Create azurerm_container_app resource using AzureRM provider as you indicate, but without the env block.
Ensure the azurerm_container_app resource has a lifecycle Meta-Argument ignore changes argument for the env block.
Create an azapi_update_resource using the azapi provider which updates the azurerm_container_app resource with just the env block which can now contain values referenced from your azurerm_container_app resource. This referencing should ensure there is an implicit dependency between the resources (otherwise you would need an explicit dependency)
#2 is required to prevent subsequent runs detecting the change made by #3 to the resource created in #1.
Note that now you are constrained to managing that env block for that resource using the azapi_update_resource instead of doing it ‘inline’ within the azurerm_container_app