docs(key-auto-rotation): update implementation roadmap from 5 PRs to 4 (merge spec+manual into PR1)

Author: Manuthor

documentation/docs/kmip_support/key_auto_rotation.md

@@ -566,35 +566,29 @@ ckms sym keys set-rotation-policy \
 
 ## Implementation roadmap
 
-This feature is delivered as a cascade of five stacked pull requests, each
+This feature is delivered as a cascade of four stacked pull requests, each
 building on the previous one:
 
 ```text
-develop ← PR 1 ← PR 2 ← PR 3 ← PR 4 ← PR 5
+develop ← PR 1 ← PR 2 ← PR 3 ← PR 4
 ```
 
-### PR 1 — Specification (this document)
+### PR 1 — Specification + manual rotation for all key types (#968)
 
-Publish the complete key auto-rotation specification so reviewers and
-subsequent PRs have a stable reference.  Standardise terminology: **Key
-Rotation** for symmetric/asymmetric re-keying, **Certificate Renewal** for
-certificate operations.
+Publish the complete key auto-rotation specification and implement all
+manual-rotation flows:
 
-### PR 2 — Manual rotation for all key types + test vectors
+- Standardise terminology: **Key Rotation** for symmetric/asymmetric
+  re-keying, **Certificate Renewal** for certificate operations
+- `Re-Key` implementation for all six symmetric/asymmetric scenarios
+- `Re-Key Key Pair` for all curve types (RSA, EC, ML-KEM, ML-DSA, SLH-DSA,
+  X25519, secp256k1, CoverCrypt)
+- `ReCertify` (KMIP §6.1.45) for self-signed and CA-signed certificate renewal
+- Offset-based `PreActive` state for keys/certificates with future activation
+  dates
+- 344 test vectors (non-regression coverage for all flows)
 
-Implement `Re-Key` and `Re-Key Key Pair` for all six scenarios described
-in this document:
-
-1. Plain symmetric key
-2. Wrapping key (rotate + re-wrap all dependants)
-3. Wrapped key (unwrap → new material → re-wrap)
-4. Asymmetric key pair (new private key + new public key UIDs)
-5. Wrapped private key / CoverCrypt
-6. Server-wide KEK (transparent — validated via test configuration variant)
-
-All test vectors green at merge time.  No auto-rotation scheduler in this PR.
-
-### PR 3 — Auto-rotation scheduler + deadline detection
+### PR 2 — Auto-rotation scheduler + deadline detection (#970)
 
 Background cron that finds due keys and rotates them automatically:
 
@@ -603,25 +597,27 @@ Background cron that finds due keys and rotates them automatically:
   `x-rotate-interval = 0` on old key)
 - `--auto-rotation-check-interval-secs` server config flag + wizard step
 - Approaching-deadline detection (30 / 7 / 1 days before next scheduled
-  rotation) emitting events via a `Notifier` trait (no-op stub until PR 4)
+  rotation) emitting events via a `Notifier` trait (no-op stub until PR 3)
 - OTel counter `kms.key.auto_rotation` on every successful rotation
 
-### PR 4 — Notification system (webhooks)
+### PR 3 — Notification system (SMTP email) (#971)
 
-First concrete `Notifier` implementation — POST JSON to configured URLs:
+First concrete `Notifier` implementation — sends HTML/plain-text emails
+via SMTP (`lettre` 0.11):
 
 - **Events**: `rotation_success`, `rotation_failure`, `approaching_deadline`
-- Exponential-backoff retry; failures logged but never block rotation
-- Configuration designed as an extensible enum for future sinks (email,
-  Slack, cloud pub/sub)
-- Wizard step for notification endpoint setup
+- Threshold-based dedup: warning emitted once per threshold per key
+- Failures are logged at `warn!` level and never block rotation
+- `NotificationsStore` trait backed by SQLite, PostgreSQL, and MySQL
+- HTTP API for reading notifications from the UI
+- `SmtpConfig` wizard step for notification endpoint setup
 
-### PR 5 — UI and CLI features
+### PR 4 — UI and CLI features (#973)
 
 Mirror rotation features in the Web UI and `ckms` CLI:
 
-- Wire existing `SetRotationPolicy` and `KeysReKey` UI components (routes +
-  menu entries)
-- New `GetRotationPolicy` page (display policy + computed next rotation date)
-- `ckms sym keys get-rotation-policy` CLI command
+- `set-rotation-policy` and `get-rotation-policy` subcommands under
+  `ckms sym keys`
+- Re-Key, Set/Get Rotation Policy pages in the Web UI (Symmetric Keys section)
+- `NotificationsBell` component with unread count badge and drawer
 - Playwright E2E tests for all rotation UI flows