Fix formatting issues within pki health-check cli documentation (#23288)

* Fix formatting issue within pki health-check cli

 - Missing a ``` within the CRL validity period which caused a bunch of sections to be collected within the box
 - One shell session was shifted over too much in the Too many certificates section

* Add missing '$' in front of the command

* Reorder pki entry in nav bar and add more missing $ in vault commands

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

website/content/docs/commands/pki/health-check.mdx

@@ -172,6 +172,7 @@ Use `vault write` to enable CRL auto-rebuild:
 
 ```shell-session
 $ vault write <mount>/config/crl auto_rebuild=true
+```
 
 ### Hardware-Backed root certificate
 
@@ -315,7 +316,7 @@ This health check checks whether audit information is accessible to log consumer
 Use `vault secrets tune` to set the desired audit parameters:
 
 ```shell-session
-vault secrets tune \
+$ vault secrets tune \
   -audit-non-hmac-response-keys=certificate \
   -audit-non-hmac-response-keys=issuing_ca \
   -audit-non-hmac-response-keys=serial_number \
@@ -380,22 +381,25 @@ This health check verifies if the `If-Modified-Since` header has been added to `
 
 1. Update `allowed_response_headers` and `passthrough_request_headers` for all
    policies with `vault secrets tune`:
-    ```shell-session
+
-    vault secrets tune \
+  ```shell-session
+  $ vault secrets tune \
       -passthrough-request-headers="If-Modified-Since" \
       -allowed-response-headers="Last-Modified" \
       <mount>
-    ```
+  ```
+
 1. Update ACME-specific headers with `vault secrets tune` (if you are using ACME):
-    ```shell-session
+
-    vault secrets tune \
+  ```shell-session
+  $ vault secrets tune \
       -passthrough-request-headers="If-Modified-Since" \
       -allowed-response-headers="Last-Modified" \
       -allowed-response-headers="Replay-Nonce" \
       -allowed-response-headers="Link" \
       -allowed-response-headers="Location" \
       <mount>
-    ```
+  ```
 
 ### Auto-Tidy disabled
 
@@ -419,14 +423,14 @@ This health check verifies that auto-tidy is enabled, with sane defaults for int
 Use `vault write` to enable auto-tidy with the recommended defaults:
 
 ```shell-session
-vault write <mount>/config/auto-tidy \
+$ vault write <mount>/config/auto-tidy \
-  enabled=true \
+    enabled=true \
-  tidy_cert_store=true \
+    tidy_cert_store=true \
-  tidy_revoked_certs=true \
+    tidy_revoked_certs=true \
-  tidy_acme=true \
+    tidy_acme=true \
-  tidy_revocation_queue=true \
+    tidy_revocation_queue=true \
-  tidy_cross_cluster_revoked_certs=true \
+    tidy_cross_cluster_revoked_certs=true \
-  tidy_revoked_cert_issuer_associations=true
+    tidy_revoked_cert_issuer_associations=true
 ```
 
 ### Tidy hasn't run
@@ -447,15 +451,17 @@ This health check verifies that tidy has run within the last run window. This ca
 **Remediation steps**:
 
 1. Schedule a manual run of tidy with `vault write`:
-    ```shell-session
+
-    vault write <mount>/tidy \
+  ```shell-session
+  $ vault write <mount>/tidy \
       tidy_cert_store=true \
       tidy_revoked_certs=true \
       tidy_acme=true \
       tidy_revocation_queue=true \
       tidy_cross_cluster_revoked_certs=true \
       tidy_revoked_cert_issuer_associations=true
-    ```
+  ```
+
 1. Review the tidy status endpoint, `vault read <mount>/tidy-status` for
    additional information.
 1. Re-configure auto-tidy based on the log information and results of your
@@ -482,18 +488,18 @@ This health check verifies that this cluster has a reasonable number of certific
 
 1. Verify that tidy ran recently with `vault read`:
     ```shell-session
-    vault read <mount>/tidy-status
+    $ vault read <mount>/tidy-status
     ````
 1. Schedule a manual run of tidy with `vault write`:
-	    ```shell-session
+    ```shell-session
-	    vault write <mount>/tidy \
+    $ vault write <mount>/tidy \
-	      tidy_cert_store=true \
+      tidy_cert_store=true \
-	      tidy_revoked_certs=true \
+      tidy_revoked_certs=true \
-	      tidy_acme=true \
+      tidy_acme=true \
-	      tidy_revocation_queue=true \
+      tidy_revocation_queue=true \
-	      tidy_cross_cluster_revoked_certs=true \
+      tidy_cross_cluster_revoked_certs=true \
-	      tidy_revoked_cert_issuer_associations=true
+      tidy_revoked_cert_issuer_associations=true
-	    ```
+    ```
 1. Enable `auto-tidy`.
 1. Make sure that you are not renewing certificates too soon. Certificate
    lifetimes should reflect the expected usage of the certificate. If the TTL is
@@ -535,7 +541,7 @@ This health check verifies if the `"Replay-Nonce`, `Link`, and `Location` header
 
 Use `vault secrets tune` to add the missing headers to `allowed_response_headers`:
 ```shell-session
-vault secrets tune \
+$ vault secrets tune \
   -allowed-response-headers="Last-Modified" \
   -allowed-response-headers="Replay-Nonce" \
   -allowed-response-headers="Link" \

website/data/docs-nav-data.json

@@ -635,35 +635,6 @@
           }
         ]
       },
-      {
-        "title": "<code>pki</code>",
-        "routes": [
-          {
-            "title": "Overview",
-            "path": "commands/pki"
-          },
-          {
-            "title": "<code>health-check</code>",
-            "path": "commands/pki/health-check"
-          },
-          {
-            "title": "<code>verify-sign</code>",
-            "path": "commands/pki/verify-sign"
-          },
-          {
-            "title": "<code>list-intermediates</code>",
-            "path": "commands/pki/list-intermediates"
-          },
-          {
-            "title": "<code>issue</code>",
-            "path": "commands/pki/issue"
-          },
-          {
-            "title": "<code>reissue</code>",
-            "path": "commands/pki/reissue"
-          }
-        ]
-      },
       {
         "title": "<code>lease</code>",
         "routes": [
@@ -787,6 +758,35 @@
         "title": "<code>path-help</code>",
         "path": "commands/path-help"
       },
+      {
+        "title": "<code>pki</code>",
+        "routes": [
+          {
+            "title": "Overview",
+            "path": "commands/pki"
+          },
+          {
+            "title": "<code>health-check</code>",
+            "path": "commands/pki/health-check"
+          },
+          {
+            "title": "<code>verify-sign</code>",
+            "path": "commands/pki/verify-sign"
+          },
+          {
+            "title": "<code>list-intermediates</code>",
+            "path": "commands/pki/list-intermediates"
+          },
+          {
+            "title": "<code>issue</code>",
+            "path": "commands/pki/issue"
+          },
+          {
+            "title": "<code>reissue</code>",
+            "path": "commands/pki/reissue"
+          }
+        ]
+      },
       {
         "title": "<code>plugin</code>",
         "routes": [