Add rotate root docs for azure secrets (#19187)

changelog/19187.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+website/docs: Add rotate root documentation for azure secrets engine
+```

website/content/docs/secrets/azure.mdx

@@ -103,6 +103,20 @@ This endpoint generates a renewable set of credentials. The application can logi
 using the `client_id`/`client_secret` and will have access provided by configured service
 principal or the Azure roles set in the "my-role" configuration.
 
+## Root Credential Rotation
+
+If the mount is configured with credentials directly, the credential's key may be
+rotated to a Vault-generated value that is not accessible by the operator.
+This will ensure that only Vault is able to access the "root" user that Vault uses to
+manipulate dynamic & static credentials.
+
+```shell-session
+vault write -f azure/rotate-root
+```
+
+For more details on this operation, please see the
+[Root Credential Rotation](/vault/api-docs/secret/azure#rotate-root) API docs.
+
 ## Roles
 
 Vault roles let you configure either an existing service principal or a set of Azure roles, along with