Add documentation for x-radius-sensitive annotation #97

Draft
lakshmimsft wants to merge 3 commits into main from lakshmimsft/sensitivedatadoc

@lakshmimsft
Contributor

Description

Add documentation for custom annotation x-radius-sensitive

Related GitHub Issue: link

Testing

Contributor Checklist

  • File names follow naming conventions and folder structure
  • Platform engineer documentation is in README.md
  • Developer documentation is the top-level description property
  • Example of defining the Resource Type is in the developer documentation
  • Example of using the Resource Type with a Container is in the developer documentation
  • Verified the output of rad resource-type show is correct
  • All properties in the Resource Type definition have clear descriptions
  • Enum properties have values defined in enum: []
  • Required properties are listed in required: [] for every object property (not just the top-level properties)
  • Properties about the deployed resource, such as connection strings, are defined as read-only properties and are marked as readOnly: true
  • Recipes include a results output variable with all read-only properties set
  • Environment-specific parameters, such as a vnet ID, are exposed for platform engineers to set in the Environment
  • Recipes use the Recipe context object when possible
  • Recipes are provided for at least one platform
  • Recipes handle secrets securely
  • Recipes are idempotent
  • Resource types and recipes were tested

Signed-off-by: lakshmimsft <ljavadekar@microsoft.com>
Contributor

@zachcasper zachcasper left a comment

Suggested wording clarification

- Properties that are required must be listed in the `required` block.
- Properties that are set by the Recipe only after the resource is deployed must be marked as `readOnly: true`.
- Have a `type`. Valid types are:`integer`, `string`, `object`, `enum`, and `array`.
- Properties that contain sensitive data such as passwords, tokens, or keys must be marked with `x-radius-sensitive: true`. This annotation can be applied to properties of type `string` or `object`. Radius will automatically encrypt these fields before database storage and redact them during deployment. Internally, when generating Bicep types, these properties of type `string` will map to `secureString`, and `object` map to `secureObject`.
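
Review bot: The last bullet limits `x-radius-sensitive: true` to `string` or `object` properties, but the bullet above it also lists `integer`, `enum`, and `array` as valid types, and nothing here says what happens when the annotation is set on one of those. State whether that is rejected or ignored. The closing sentence would read better as "`string` properties map to `secureString` and `object` properties map to `secureObject`", and "redact them during deployment" should say where the redaction applies.
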
Contributor

Suggested change
- Properties that contain sensitive data such as passwords, tokens, or keys must be marked with `x-radius-sensitive: true`. This annotation can be applied to properties of type `string` or `object`. Radius will automatically encrypt these fields before database storage and redact them during deployment. Internally, when generating Bicep types, these properties of type `string` will map to `secureString`, and `object` map to `secureObject`.
- Properties that contain sensitive data such as passwords, tokens, or keys must be marked with `x-radius-sensitive: true`. This annotation can be applied to properties of type `string` or `object`. Radius will temporarily encrypted the data using the `radius-encryption-key` secret then store in the Radius data store until deployment completes. Once the deployment completes (successful or otherwise), the data is deleted.

Contributor Author

@lakshmimsft lakshmimsft Feb 11, 2026

That's a bit incorrect. The data is encrypted temporarily, but it is deleted during deployment even before recipe processing. Data is not persisted till the deployment completes/fails. Updating to:
Radius will encrypt the data using the radius-encryption-key secret and store it temporarily in the Radius data store; it will be deleted during deployment processing.


- `context.properties.data` (object, required): A map of secret names to objects containing values and optional encoding. Each key in the `data` object maps to an object with:
- `value` (string, required): The secret value.
- `value` (string, required): The secret value. This field is annotated with `x-radius-sensitive`, which means Radius will encrypt it before database storage and redact it during deployment.
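
Review bot: The new `value` description says the field is encrypted "before database storage" and redacted "during deployment", but it does not say how long the encrypted copy is kept or what a Recipe sees in `context.properties.data`. Since this section documents the Recipe context, add a sentence on whether `value` reaches the Recipe in clear text, and keep the wording in step with the `x-radius-sensitive` bullet changed elsewhere in this pull request so the two descriptions do not drift.
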
Contributor

Suggested change
- `value` (string, required): The secret value. This field is annotated with `x-radius-sensitive`, which means Radius will encrypt it before database storage and redact it during deployment.
- `value` (string, required): The secret value. This field is annotated with `x-radius-sensitive`, which means Radius will temporarily encrypted the data using the `radius-encryption-key` secret then store in the Radius data store until deployment completes. Once the deployment completes (successful or otherwise), the data is deleted.

Contributor Author

The suggestion is not accurate. Keeping it as is unless there are other wording suggestions.

Signed-off-by: lakshmimsft <ljavadekar@microsoft.com>
@lakshmimsft lakshmimsft force-pushed the lakshmimsft/sensitivedatadoc branch from 9231a82 to 1bb1c84 February 11, 2026 19:55
Signed-off-by: lakshmimsft <ljavadekar@microsoft.com>
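
One way to check a schema against the rule this pull request documents (sensitive properties carry `x-radius-sensitive: true`, and only on `string` or `object` types). This is an added example, not code from the pull request or from Radius; the OpenAPI-style schema layout, the name heuristic, the sample schema and `lint_sensitive` are assumptions made for illustration.

```python
import re

# Added illustration; not Radius code. Types the page says the annotation supports.
ALLOWED_TYPES = {"string", "object"}
# Assumption: a name heuristic for "passwords, tokens, or keys".
SENSITIVE_NAME = re.compile(r"password|passwd|token|secret|key$", re.I)

def lint_sensitive(schema, path="properties"):
    """Return sorted (property path, problem) findings for a schema node."""
    findings = []
    for name, prop in (schema.get("properties") or {}).items():
        here = f"{path}.{name}"
        marked = prop.get("x-radius-sensitive") is True
        ptype = prop.get("type")
        if marked and ptype not in ALLOWED_TYPES:
            findings.append((here, f"annotation on unsupported type '{ptype}'"))
        if not marked and ptype in ALLOWED_TYPES and SENSITIVE_NAME.search(name):
            findings.append((here, "looks sensitive but is not annotated"))
        if marked or ptype != "object":
            continue  # assumption: an annotated object covers its whole subtree
        findings += lint_sensitive(prop, here)
        values = prop.get("additionalProperties")
        if isinstance(values, dict):  # map entries such as data.<name>.value
            findings += lint_sensitive(values, here + ".*")
    return sorted(findings)

# Constructed sample schema (hypothetical resource type, not from the PR).
SAMPLE = {
    "properties": {
        "host": {"type": "string"},
        "password": {"type": "string"},  # missing annotation
        "port": {"type": "integer", "x-radius-sensitive": True},  # wrong type
        "tls": {"type": "object",
                "properties": {"privateKey": {"type": "string"}}},
        "credentials": {"type": "object", "x-radius-sensitive": True,
                        "properties": {"apiKey": {"type": "string"}}},
        "data": {"type": "object", "additionalProperties": {
            "type": "object",
            "properties": {
                "value": {"type": "string", "x-radius-sensitive": True},
                "encoding": {"type": "string"}}}},
    }
}

if __name__ == "__main__":
    for where, problem in lint_sensitive(SAMPLE):
        print(f"{where}: {problem}")
```

Integer or array properties with sensitive-looking names are not flagged as missing the annotation, because the documented rule does not allow it on those types.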