Docs: enabling identity-aware routing (RFC-0055)

[rkoster]

Summary

• New /deploying/ operator setup page (cf-deployment/enable-identity-aware-routing.html) covering how to enable identity-aware routing (per-domain mTLS for the Gorouter) on a cf-deployment foundation: applying enable-identity-aware-routing.yml (and the -cflinuxfs5.yml / use-operator-provided-identity-routing-domain.yml companions), what it configures (BOSH DNS alias, gorouter router.domains, SNI server cert, CA trust), the two-CA model, the router.domains BOSH property reference, and registering the domain with cf create-shared-domain --enforce-route-policies.
• Adds a cross-link to the ops file from Step 2 of the deploy topic (cf-deployment/deploy-cf.html).

Implements the operator-facing part of the outstanding CF Docs deliverable of RFC-0055.

References

• RFC-0055: https://github.com/cloudfoundry/community/blob/main/toc/rfc/rfc-0055-identity-aware-routing-for-gorouter.md
• Tracking issue: [RFC0055] Identity-Aware Routing for GoRouter community#1481
• cf-deployment ops files PR: Add enable-identity-aware-routing ops-file (RFC0055) cf-deployment#1353
• Concepts (anchor) PR: Docs: identity-aware routing concepts (RFC-0055) docs-cloudfoundry-concepts#216
• Developer how-to PR: Docs: identity-aware routing developer how-to (RFC-0055) docs-dev-guide#594

Notes

• Documents only configuration shipped in the add-identity-aware-routing ops files and the gorouter spec.
• Opened as draft for review.

[anita-flegg]

note to me - master branch only