Docs/secrets sync ssrf private endpoints (#28746)

* docs: add Secrets Sync SSRF protection breaking change to 1.17 upgrade guide

The Secrets Sync feature in 1.17.3 introduced SSRF protection that blocks private IP ranges, affecting users accessing secret stores through private endpoints. This adds documentation about the change and available options.

* renamed issue

* referenced secret sync ssrf known issue

* re-ordered secret sync known issue in page

* Hide copy-to-clipboard button on the output example codeblock

---------

Co-authored-by: yhyakuna <yoko@hashicorp.com>
James
2024-12-14 02:50:24 +11:00
committed by GitHub
parent 23a663fcf9
commit e43fe23e91
2 changed files with 23 additions and 0 deletions


@@ -204,4 +204,6 @@ more details, and information about opt-out.
@include 'known-issues/sync-activation-flags-cache-not-updated.mdx'
@include 'known-issues/1_17_secrets-sync-ssrf-private-endpoints.mdx'
@include 'known-issues/duplicate-hsm-key.mdx'
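Review bot: The new `1_17_secrets-sync-ssrf-private-endpoints.mdx` include is dropped between `sync-activation-flags-cache-not-updated.mdx` and `duplicate-hsm-key.mdx`, and nothing in the hunk shows what ordering rule puts it there (it is neither alphabetical nor grouped by the `1_17_` version prefix). Since the commit message says the entry was deliberately re-ordered, a one-line comment above the include list stating the convention (for example, most recent known issue first) would keep the next contributor from moving it again.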


@@ -0,0 +1,21 @@
### Secrets Sync SSRF Protection May Block Private Endpoints
As of version 1.17.3, Vault's Secrets Sync includes additional Server-Side Request Forgery (SSRF) protection measures. This security enhancement prevents sync operations to certain IP ranges by introducing a new SSRF-safe HTTP client. The client specifically blocks requests to private IP ranges (such as 10.0.0.0/8), which affects users accessing cloud provider secret stores through private endpoints.
**Impact:**
- Secrets Sync operations to private IP ranges will be blocked
- Affects all destinations when accessed via private endpoints
**Example error message:**
<CodeBlockConfig hideClipboard>
```plaintext
couldn't sync secret with store: failed to publish event: dial tcp [IP]: prohibited IP address: [IP] is not a permitted destination (denied by: 10.0.0.0/8)
```
</CodeBlockConfig>
**Current Workaround:**
1. Remain on Vault version 1.17.2 or earlier if you require Secrets Sync with private endpoints
2. Use public endpoints for your secret store services
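Review bot: The explanation names only one denied range ("such as 10.0.0.0/8") while saying the client blocks "certain IP ranges", so an operator whose private endpoint resolves into another blocked range will not recognise this known issue from the text; list every range the SSRF-safe client denies, or at least state that all non-public ranges are covered, and show the `denied by:` value in the example error as the place to look. Workaround step 1 ("Remain on Vault version 1.17.2 or earlier") should also say plainly that this means running without the SSRF protection and any other fixes shipped in 1.17.3, so the trade-off is explicit rather than implied. Finally, the note says nothing about whether an opt-out or allow-list is planned; if that is known, a sentence such as "A configuration option to permit private ranges is under consideration" (or a statement that there is none) belongs next to the workaround.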