create doc on key state behavior

[christinaausley]

Description

Closes https://github.com/camunda/product-hub/issues/3285.

Adds new BYOK failure-mode documentation

This PR introduces a new page describing how Camunda 8 SaaS behaves when an external Amazon KMS encryption key (BYOK) becomes unavailable. It covers scenarios such as keys being disabled, scheduled for deletion, deleted, or misconfigured.

What’s included

• Expected behavior during cluster startup and runtime
• Effects on orchestration operations, backups, and reads/writes to encrypted storage
• Behavior of pause and resume actions when the key is unavailable
• Recovery expectations when a key is re-enabled
• Permanent data-loss scenarios when a key is deleted
• Operational guidance and recommendations
• Cross-links added from the BYOK overview, setup guide, FAQ, and key rotation pages

Why this is needed

Customers using external encryption keys require clear expectations on failure modes, operational safeguards, and troubleshooting. Previous documentation did not explain how the system behaves when the key becomes inaccessible.

Follow-up

• Engineering validation is complete based on the Slack discussion
• Future UI and Console improvements to key-related error surfacing may require updates

When should this change go live?

• This is a bug fix, security concern, or something that needs urgent release support. (add bug or support label)
• This is already available but undocumented and should be released within a week. (add available & undocumented label)
• This is on a specific schedule and the assignee will coordinate a release with the Documentation team. (create draft PR and/or add hold label)
• This is part of a scheduled alpha or minor. (add alpha or minor label)
• There is no urgency with this change (add low prio label)

PR Checklist

• The commit history of this PR is cleaned up, using {type}(scope): {description} commit message(s)

• My changes are for an upcoming minor release and are in the /docs directory (version 8.9).
• My changes are for an already released minor and are in a /versioned_docs directory.

• I added a DRI, team, or delegate as a reviewer for technical accuracy and grammar/style:
  • Engineering team review
  • Technical writer review via @camunda/tech-writers unless working with an embedded writer.

[christinaausley]

Hi @hilalbursalii @stathis-cmnd this is ready for your final review 😄

[psetzer-camunda]

No additions at this stage.

[github-actions]

🧹 Preview environment for this PR has been torn down.