Transform tokenization key auto-rotate docs (#16410)

* Document auto rotate fields for transform tokenization endpoints.

* Update Transform tokenization docs to mention key auto-rotation.

website/content/api-docs/secret/transform.mdx

@@ -1790,12 +1790,18 @@ Only valid for tokenization transformations.
   Specifies the minimum key version that vault can use to decode values for the
   corresponding transform.
 
+- `auto_rotate_period` `(duration: "0", optional)` - The period at which this key
+  should be rotated automatically. Setting this to "0" will disable automatic key
+  rotation. This value cannot be shorter than one hour. Uses
+  [duration format strings](/docs/concepts/duration-format).
+
 ### Sample Payload
 
 ```json
 [
   {
-    "min_decryption_version": 1
+    "min_decryption_version": 1,
+    "auto_rotate_period": "4320h"
   }
 ]
 ```
@@ -1861,6 +1867,7 @@ $ curl \
     "latest_version": 1,
     "min_available_version": 0,
     "min_decryption_version": 1,
+    "auto_rotate_period": "4320h",
     "name": "transform_name"
   }
 }

website/content/docs/secrets/transform/tokenization.mdx

@@ -190,7 +190,9 @@ Tokenization supports key rotation. Keys are tied to transforms, so key
 names are the same as the name of the corresponding tokenization transform.
 Keys can be rotated to a new version, with backward compatibility for
 decoding. Encoding is always performed with the newest key version. Keys versions
-can be tidied as well. For more information, see the [transform api docs](../../../api-docs/secret/transform).
+can be tidied as well. Keys may also be rotated automatically on a user-defined
+time interval, specified by the `auto_rotate_field` of the key config. For more
+information, see the [transform api docs](../../../api-docs/secret/transform).
 
 ## Tutorial