DOC-2277: Warn that BYOC GCP credential rotation needs Support

[micheleRP]

What

Adds a Service account credential rotation callout to two BYOC GCP pages:

• GCP IAM Policies (cloud-iam-policies-gcp.adoc) — new section at the bottom.
• Create a BYOC Cluster on GCP (create-byoc-cluster-gcp.adoc) — section before "Next steps".

The callout text lives in a single shared partial (security:partial$byoc-gcp-credential-rotation.adoc) included by both pages, so it stays in sync.

Why

Customer incident ZD-6896: a BYOC GCP customer rotated their GCP service account credentials without coordinating with Redpanda Support. The agent lost connectivity, the cluster stuck in "Upgrading," tiered storage was disrupted, and recovery took 8 days of Engineering effort. The docs never warned that credential rotation is not self-service. This PR closes that gap.

Resolves DOC-2277.

Notes

• Uses a [WARNING] admonition for the not-self-service / disruption risk, with the "contact Support" instructions as body text above it.
• The internal CIAINFRA-3907 reference is intentionally omitted from the public docs.

Preview pages

• GCP IAM Policies (updated)
• Create a BYOC Cluster on GCP (updated)

🤖 Generated with Claude Code

[coderabbitai]

📝 Walkthrough

Walkthrough

A new AsciiDoc partial file, byoc-gcp-credential-rotation.adoc, is introduced under modules/security/partials/. It describes the procedure for rotating BYOC GCP service account credentials by contacting Redpanda Support and includes a warning that the rotation is not self-service and can leave the cluster in an unrecoverable state if performed without coordination. This partial is then included in two existing pages: the BYOC GCP cluster creation page (within the "Manage custom resource labels and network tags" section) and the GCP cloud IAM policies page.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• redpanda-data/cloud-docs#400: Introduced or expanded the BYOC GCP custom resource labels and network tags workflow in create-byoc-cluster-gcp.adoc, the same section where the new credential rotation partial is now included.

Suggested reviewers

• kbatuigas
• gavinheavyside
• matteogaraventa

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise and accurately summarizes the main change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description covers the change, rationale, linked issue, notes, and preview pages, though it omits the template's review deadline and checklist.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DOC-2277-gcp-credential-rotation-warning

---

_{Comment @coderabbitai help to get the list of available commands.}

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	cd999ec
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/6a3c0160b2553c0008d07b37
😎 Deploy Preview	https://deploy-preview-625--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.