My use case is that I have a large list of subnets which cover things like employee LANs, VPNs, office LANs, guest LANs, etc. They are not managed in AWS since the end-points aren't actually in the VPC.
However, I would like to use them in security groups to grant access to internal resources.
What is the best way to encode these into TF in a way that is easy to re-use? Should I create a module that is just shared with everyone? Is it better to use remote state? Is there a provider that is well suited for this sort of application?
Your situation sounds similar to the use-cases given in the section Data-only Modules in the Terraform documentation page Module Composition.
How exactly you'd achieve it would depend on whether the information you need is already published somewhere that a Terraform data source could retrieve it from. There are various data sources available across many providers for fetching information about e.g. AWS VPCs/subnets, but the system you're using to manage these non-cloud networks might not have such a convenient integration point.
In that case, there are two more general options to consider:

- `output` blocks and possibly `local` blocks, depending on whether you need some logic to project the data into a convenient shape for the module caller.
- The `hashicorp/http` provider has a data source called just `http` which can retrieve text-based data from an arbitrary HTTP or HTTPS URL. If you have that data published in JSON, for example, then you could use the `http` data source along with the `jsondecode` function in your data-only module to get the data into a Terraform-consumable data structure.
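As an added illustration (not part of the answer above), here is one way to wire the second option together: a data-only module that fetches the list with the `http` data source, validates it before exposing it, and a caller that feeds it into a security group rule. It assumes the list is published as a JSON object mapping a network name to a list of IPv4 CIDR strings at a placeholder URL, that an `aws_security_group.app` already exists, and uses hypothetical paths and names; it needs Terraform 1.2+ and the 3.x `http` provider (`response_body`).

```hcl
# --- modules/internal-networks/main.tf (hypothetical data-only module) ---
variable "source_url" {
  type        = string
  description = "HTTPS URL of a JSON document shaped like {\"vpn\": [\"10.8.0.0/16\"], ...}"
}

data "http" "networks" {
  url = var.source_url

  # Fail the plan instead of silently producing an empty or error-page-derived list.
  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Network list endpoint returned HTTP ${self.status_code}."
    }
  }
}

locals {
  # Project the raw JSON into map(string => list(string)).
  networks  = { for name, cidrs in jsondecode(data.http.networks.response_body) : name => cidrs }
  all_cidrs = distinct(flatten(values(local.networks)))
}

output "networks" {
  value = local.networks

  # Reject anything that is not a syntactically valid IPv4 CIDR before it can reach a rule.
  precondition {
    condition     = alltrue([for c in local.all_cidrs : can(cidrnetmask(c))])
    error_message = "One or more entries in ${var.source_url} is not a valid IPv4 CIDR."
  }
}

# --- root module main.tf (hypothetical caller) ---
module "internal_networks" {
  source     = "./modules/internal-networks"
  source_url = "https://netdb.example.internal/networks.json" # placeholder URL
}

resource "aws_security_group_rule" "vpn_https" {
  type              = "ingress"
  security_group_id = aws_security_group.app.id # assumed to exist
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = module.internal_networks.networks["vpn"]
}
```

Because the document is re-read on every plan, any change to the published list surfaces as a diff on the security group rules, so review those diffs rather than auto-applying them.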