Add documentation around Managed HSM KeyVault

This introduces the "resource" config parameter and the
AZURE_AD_RESOURCE environment variable from the updated go-kms-wrapping
dependency.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

website/content/docs/configuration/seal/azurekeyvault.mdx

@@ -57,6 +57,10 @@ These parameters apply to the `seal` stanza in the Vault configuration file:
 - `key_name` `(string: <required>)`: The Key Vault key to use for encryption and decryption. May also be specified by the
   `VAULT_AZUREKEYVAULT_KEY_NAME` environment variable.
 
+- `resource` `(string: "vault.azure.net")`: The AZ KeyVault resource's DNS Suffix to connect to.
+  May also be specified in the `AZURE_AD_RESOURCE` environment variable.
+  Needs to be changed to connect to Azure's Managed HSM KeyVault instance type.
+
 ## Authentication
 
 Authentication-related values must be provided, either as environment
@@ -68,6 +72,7 @@ Azure authentication values:
 - `AZURE_CLIENT_ID`
 - `AZURE_CLIENT_SECRET`
 - `AZURE_ENVIRONMENT`
+- `AZURE_AD_RESOURCE`
 
 ~> **Note:** If Vault is hosted on Azure, Vault can use Managed Service
 Identities (MSI) to access Azure instead of an environment and shared client id
@@ -79,6 +84,10 @@ prevents your Azure credentials from being stored as clear text. Refer to the
 Hardening](https://learn.hashicorp.com/vault/day-one/production-hardening) guide
 for more best practices.
 
+-> **Note:** If you are using a Managed HSM KeyVault, `AZURE_AD_RESOURCE` or the `resource`
+configuration parameter must be specified; usually this should point to `managedhsm.azure.net`,
+but could point to other suffixes depending on Azure environment.
+
 ## `azurekeyvault` Environment Variables
 
 Alternatively, the Azure Key Vault seal can be activated by providing the following