Moved data protection info to a new page in the General Information

[ProgrammerAL]

Fixes #471

• Moved data protection info to a new page in the General Information section
  • Added callouts for BFF
• Updated the Data Protection info for IdentityServer to link to the general topic.

[ProgrammerAL]

I moved the Data Protection content to the /general section because it's shared. We probably should have discussed ahead of time, but I didn't think there was anywhere else the docs could go. If anyone has a better suggestion, I'm open to it.

[maartenba]

Left a couple of suggested changes.

There are some sections that seem to fit deployment/index.md better as they are IdentityServer-specific. Would consider moving those back.

[wcabus]

I still want to link to the overview of Data Protection defaults (https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings), but don't know at the moment where it would be best to put this.

I don't believe we should repeat Microsoft's docs concerning the defaults however, in case they get updated with new scenarios. There is one exception imo: the use of DPAPI. If you rely on the default configuration on Windows-based environments, DPAPI or DPAPI-NG is being used over which you have no control, making it harder to migrate data protection keys.

[ProgrammerAL]

@wcabus

I still want to link to the overview of Data Protection defaults (https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings), but don't know at the moment where it would be best to put this.

I don't believe we should repeat Microsoft's docs concerning the defaults however, in case they get updated with new scenarios. There is one exception imo: the use of DPAPI. If you rely on the default configuration on Windows-based environments, DPAPI or DPAPI-NG is being used over which you have no control, making it harder to migrate data protection keys.

That link is already in the ASP.NET Core Data Protection section.

I tried writing something up for DPAPI, but couldn't settle on the wording, or where to put it. I'll leave it out of this PR. But if you think of a good way toa dd it in, we can do it here.

[wcabus]

@wcabus

I still want to link to the overview of Data Protection defaults (https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings), but don't know at the moment where it would be best to put this.
I don't believe we should repeat Microsoft's docs concerning the defaults however, in case they get updated with new scenarios. There is one exception imo: the use of DPAPI. If you rely on the default configuration on Windows-based environments, DPAPI or DPAPI-NG is being used over which you have no control, making it harder to migrate data protection keys.

That link is already in the ASP.NET Core Data Protection section.

I tried writing something up for DPAPI, but couldn't settle on the wording, or where to put it. I'll leave it out of this PR. But if you think of a good way toa dd it in, we can do it here.

Let's leave it like this for now. We already added more docs, links to MS Learn, and a shoutout to use escrow which basically would solve the DPAPI problem.