cockroach-operator
Document automatic certificate and CA rotation strategies and timelines
In addition to manual rotation, can you please add documentation on the CA and node cert rotation strategies used in the automatic rotation and restart process? The use case here is that we need to take the CA and copy it periodically to other locations so the clients can trust the node certs. If we know the CA rotates 3 months before the node certs, that could let us set our copy period to be around 1.5 months to ensure we update before the nodes are rotated as well.
Reference: I only saw confirmation that the operator handles cert rotation in the Cockroach Slack: https://cockroachdb.slack.com/archives/C01H20CU0A2/p1627407659009900

Documentation on advanced rotation being ideal: https://www.cockroachlabs.com/docs/stable/rotate-certificates.html#why-rotate-ca-certificates-in-advance
Related to #413