Add batch token info to token store, approle, mount tuning

website/source/api/auth/approle/index.html.md

@@ -101,6 +101,9 @@ enabled while creating or updating a role.
 - `enable_local_secret_ids` `(bool: false)` - If set, the secret IDs generated
   using this role will be cluster local. This can only be set during role
   creation and once set, it can't be reset later.
+- `token_type` `(string: "")` - The type of token that should be generated via
+  this role. Can be `service`, `batch`, or `default` to use the mount's default
+  (which unless changed will be `service` tokens).
 
 ### Sample Payload
 

website/source/api/auth/token/index.html.md

@@ -674,6 +674,9 @@ tokens created against a role to be revoked using the
   current role value at each usage; it is set on the token itself. Root tokens
   with no TTL will not be bound by these CIDRs; root tokens with TTLs will be
   bound by these CIDRs.
+- `token_type` `(string: "")` – Specifies the type of tokens that should be
+  returned by the role; either `service` or `batch`. If empty, `service` tokens
+  will be returned.
 
 ### Sample Payload
 

website/source/api/system/auth.html.md

@@ -228,6 +228,18 @@ can be achieved without `sudo` via `sys/mounts/auth/[auth-path]/tune`._
 - `passthrough_request_headers` `(array: [])` - Comma-separated list of headers
     to whitelist and pass from the request to the backend.
 
+- `token_type` `(string: "")` – Specifies the type of tokens that should be
+  returned by the mount. The following values are available:
+
+  - `default-service`: Unless the auth method requests a different type, issue
+    service tokens
+  - `default-batch`: Unless the auth method requests a different type, issue
+    batch tokens
+  - `service`: Override any auth method preference and always issue service
+    tokens from this mount
+  - `batch`: Override any auth method preference and always issue batch tokens
+    from this mount
+
 ### Sample Payload
 
 ```json