docs/multiplexing: overhaul plugin documentation (#14509)

* docs/multiplexing: overhaul plugin documentation

* update nav data

* remove dupe nav data

* add external plugin section to index

* move custom plugin backends under internals/plugins

* remove ref to moved page

* revert moving custom plugin backends

* add building plugins from source section to plug dev

* add mux section to plugin arch

* add mux section to custom plugin page

* reorder custom database page

* use 'external plugin' where appropriate

* add link to plugin multiplexing

* fix example serve multiplex func call

* address review comments

* address review comments

* Minor format updates (#14590)

* mv Plugins to top-level; update upgrading plugins

* update links after changing paths

* add section on external plugin scaling characteristics

* add updates on plugin registration in plugin management page

* add plugin learn resource

* be more explicit about mux upgrade steps; add notes on when to avoid db muxing

* add plugin upgrade built-in section

* add caveats to built-in plugin upgrade

* improvements to built-in plugin override

* formatting, add redirects, correct multiplexing use case

* fix go-plugin link

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* remove single item list; add link to Database interface

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

website/content/docs/plugins/plugin-management.mdx

@@ -0,0 +1,69 @@
+---
+layout: docs
+page_title: Plugin Management
+description: >-
+  External Plugins are mountable backends that are implemented using Vault's
+  plugin system.
+---
+
+# Plugin Management
+
+External plugins are the components in Vault that can be implemented separately
+from Vault's built-in plugins. These plugins can be either authentication or
+secrets engines.
+
+The [`api_addr`][api_addr] must be set in order for the plugin process to
+establish communication with the Vault server during mount time. If the storage
+backend has HA enabled and supports automatic host address detection (e.g.
+Consul), Vault will automatically attempt to determine the `api_addr` as well.
+
+Detailed information regarding the plugin system can be found in the
+[internals documentation](/docs/plugins).
+
+## Registering External Plugins
+
+Before an external plugin can be mounted, it needs to be
+[registered](/docs/plugins/plugin-architecture#plugin-registration) in the
+plugin catalog to ensure the plugin invoked by Vault is authentic and maintains
+integrity:
+
+```shell-session
+$ vault plugin register -sha256=<SHA256 Hex value of the plugin binary> \
+    secret \                  # type
+    my-secrets
+
+Success! Registered plugin: myplugin-database-plugin
+```
+
+## Enabling/Disabling External Plugins
+
+After the plugin is registered, it can be mounted by specifying the registered
+plugin name:
+
+```shell-session
+$ vault secrets enable -path=my-secrets passthrough-plugin
+Success! Enabled the passthrough-plugin secrets engine at: my-secrets/
+```
+
+Listing secrets engines will display secrets engines that are mounted as
+plugins:
+
+```shell-session
+$ vault secrets list
+Path         Type       Accessor            Plugin              Default TTL  Max TTL  Force No Cache  Replication Behavior  Description
+my-secrets/  plugin     plugin_deb84140     passthrough-plugin  system       system   false           replicated
+```
+
+Disabling an external plugins is identical to disabling a built-in plugin:
+
+```shell-session
+$ vault secrets disable my-secrets
+```
+
+## Upgrading Plugins
+
+Upgrade instructions can be found in the [Upgrading Plugins - Guides][upgrading_plugins]
+page.
+
+[api_addr]: /docs/configuration#api_addr
+[upgrading_plugins]: /docs/upgrading/plugins