* changelog++

* Keep Clint's changes

* Tired of typing versions

* vault-k8s: add new annotations for 0.5.0

* feedback revision

* Add Known Issue for AWS IAM logins

* Add note about license issue

* add links to commonly reference Learn site docs

* fixed markdown links

* Moved Deployment Guide to "Guides" subs section

Credit for Felix.

* Updates for 1.5.1, 1.4.4, 1.3.8, and 1.2.5

* Recommend against using these versions

* Re-running checks

* Update docs-navigation.js

`Group.Read.All` is too permissive policy to achieve external groups
feature. `GroupMembers.Read.All` is enough for that purpose.

MicroSoft Graph API Permission reference follows
https://docs.microsoft.com/en-us/graph/permissions-reference#application-permissions-23

* Update hashicorp/vault-plugin-secrets-azure to v0.6.2

* update go mod vendor

Adding a note that `vaultuser` might be part of the AD domain like `DOMAIN\vaultuser`.

Moving the CL entry for #9606 to the `v1.4.4` section. It's implied that anything in 1.n is also in 1.n+1

* Update documentation for MySQL Secrets Engine

Update documentation for MySQL Database Secrets Engine to reflect changes introduced with https://github.com/hashicorp/vault/pull/9181



* Empty Commit to re-trigger tests
Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com>

* Conditionally overwrite TLS parameters in MySQL DSN

Overwrite MySQL TLS configuration in MySQL DSN only if have `tls_ca` or `tls_certificate_key` set
Current logic always overwrites it

* Add test for MySQL DSN with a valid TLS parameter in query string

(In the transit api-docs)

* TOB-018 remediation

* Make key derivation an optional config flag, off by default, for backwards compatibility

* Fix unit tests

* Address some feedback

* Set config on unit test

* Fix another test failure

* One more conf fail

* Switch one of the test cases to not use a derive dkey

* wip

* comments