How should we be using dependency lock files in CI

Hi @finlay.evans,

I would suggest thinking of the dependency lock file as part of the source code that your developers are submitting to test, rather than an artifact of the remote planning process.

Specifically, I would expect your developers to update the lock file on their local systems and submit that to the VCS branch along with whatever other changes they are intending to test.

If your concern is that the developers don’t have suitable credentials to initialize the backend, you could potentially avoid that problem by having the developers run terraform init -backend=false, so that Terraform will install all of the necessary dependencies and update the lock file but will skip trying to initialize the backend. That partial initialization should also allow them to use other commands that work only with the configuration (not the state), such as terraform validate as a way to get quick feedback on simple validation errors before pushing up the branch for speculative planning.

1 Like
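A CI-side guard for the workflow described in the reply above, as an added example that is not part of the original post or of Terraform itself. It fails the job when the committed `.terraform.lock.hcl` is missing or would be altered by initialization. The function name `check_lockfile` and its exit codes are hypothetical, and the `-input=false` and `-lockfile=readonly` flags are real `terraform init` options that the reply does not mention.

```shell
#!/bin/sh
# Added example: treat .terraform.lock.hcl as reviewed source code in CI.
# check_lockfile and its exit codes are illustrative names, not a Terraform feature.

LOCKFILE=".terraform.lock.hcl"

# check_lockfile DIR
#   0  lock file committed, untouched by init, configuration validates
#   2  lock file missing from the checkout
#   3  init failed (with -lockfile=readonly this includes provider
#      selections or checksums that the committed lock file does not cover)
#   4  init succeeded but the lock file on disk changed anyway
#   5  terraform validate reported errors
check_lockfile() {
    dir="${1:-.}"
    lock="$dir/$LOCKFILE"

    if [ ! -f "$lock" ]; then
        echo "error: $lock missing; run 'terraform init -backend=false' locally and commit it" >&2
        return 2
    fi

    # Keep a copy so any rewrite of the lock file can be detected afterwards.
    snapshot="$(mktemp)" || return 1
    cp "$lock" "$snapshot"

    # -backend=false      no backend credentials are needed for this step
    # -lockfile=readonly  verify against recorded checksums, never rewrite the file
    if ! (cd "$dir" && terraform init -backend=false -input=false -lockfile=readonly >/dev/null); then
        rm -f "$snapshot"
        echo "error: init failed; the committed lock file may not match the configuration" >&2
        return 3
    fi

    if ! cmp -s "$snapshot" "$lock"; then
        rm -f "$snapshot"
        echo "error: $lock changed during init; commit the updated file" >&2
        return 4
    fi
    rm -f "$snapshot"

    # Configuration-only check that works after a backend-less init.
    (cd "$dir" && terraform validate >/dev/null) || return 5
    return 0
}
```

Call it as `check_lockfile path/to/module` in a pipeline step that runs before the speculative plan, and fail the job on any non-zero status.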