Docs: API secret/ssh clarity on Create & Update (#17033)

* Docs: API secret/ssh clarity on Create & Update

Added clarity notes on required permissions (`update` & `create`) that are otherwise not obvious without experience of other mounts that have requirements for similar ACL to manage. Resolves #9888.

* Update website/content/api-docs/secret/ssh.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/secret/ssh.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Docs: API secret/ssh clarity on Create & Update...

Reduced text (-1 line) further to feedback from @benashz; retaining details on `create` vs `update` difference as per [API transit method that calls this out too.](https://www.vaultproject.io/api-docs/secret/transit#encrypt-data)

* trigger ci

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
This commit is contained in:
aphorise
2022-10-28 02:23:33 +02:00
committed by GitHub
parent 2a1753a469
commit c56b198161


@@ -817,8 +817,13 @@ $ curl \
## Sign SSH Key
This endpoint signs an SSH public key based on the supplied parameters, subject
to the restrictions contained in the role named in the endpoint.
This endpoint signs an SSH public key based on the supplied parameters and
subject to the restrictions of the role named in the path. Both `create` and
`update` policy capabilities are needed to sign and update SSH keys. If only
`create` capability is granted, and a SSH key does not exist, it will be created
using the default parameters already configured. If only `update` capability is
available and a SSH key does not exist, an error will be returned and SSH keys
must exist already before may be updated.
It is similar to the endpoint `/ssh/issue/:name`. Instead of issuing new
SSH credentials, this returns a certificate for the given SSH public key.
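
Review bot: The last sentence of the new paragraph, "an error will be returned and SSH keys must exist already before may be updated", is missing its subject and runs two statements together; suggest splitting it, for example "an error is returned; the SSH key must already exist before it can be updated." The same paragraph writes "a SSH key" twice, which should be "an SSH key". More substantively, the paragraph never says what "a SSH key does not exist" refers to. The following context line states that this endpoint "returns a certificate for the given SSH public key", so the caller supplies the key, and a reader writing a least-privilege policy cannot tell which object the `create` versus `update` check is evaluated against. Naming that object explicitly, and stating which single capability is sufficient for a plain signing request, would let operators avoid granting both capabilities by default.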