python / psf-salt

PSF infrastructure configuration
MIT License

Docs: Add section on managing/adding backups #475

Open JacobCoffee opened 2 months ago

JacobCoffee commented 2 months ago

What

When adding new backup files/directories, we will need to add related keys for this. This and other things (like SSH key changes when hosts upgrade/change) should be documented.


Keys are not being made for the two new entries :(

root@hg:~# ls /etc/backup/.ssh
id_rsa_python-hg

from

{{ backup }}-ssh-key:
  file.managed:
    - name: /etc/backup/.ssh/id_rsa_{{ backup }}
    - contents_pillar: backup-secret:directories:{{ backup }}:ssh_key
    - user: {{ config['user'] }}
    - mode: "0600"
    - show_diff: False 

probably due to missing pillar data in the secrets file for backup

Originally posted by @JacobCoffee in https://github.com/python/psf-salt/issues/474#issuecomment-2297259859
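A pre-flight check for the failure described above, as an added example that is not part of the original issue or the psf-salt repository: it walks the same colon-delimited path the state passes to `contents_pillar` and lists backups with no usable key data. The `backup:directories` layout, the names `new-entry-a` and `new-entry-b`, and the helper names are assumptions.

```python
"""Added example: find backups whose SSH key is missing from secret pillar."""

# Pillar path template taken from the state's contents_pillar line.
KEY_PATH = "backup-secret:directories:{name}:ssh_key"


def pillar_get(pillar, path, delimiter=":"):
    """Walk a colon-delimited pillar path; return None if any level is absent."""
    node = pillar
    for part in path.split(delimiter):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def missing_backup_keys(pillar, backup_names):
    """Return {backup name: reason} for every backup without usable key data."""
    problems = {}
    for name in backup_names:
        path = KEY_PATH.format(name=name)
        value = pillar_get(pillar, path)
        if value is None:
            problems[name] = f"no pillar data at {path}"
        elif not isinstance(value, str) or not value.strip():
            problems[name] = f"empty value at {path}"
    return problems


# Constructed sample data (assumption: backups are declared under
# backup:directories; names other than python-hg are hypothetical).
SAMPLE_PILLAR = {
    "backup": {"directories": {"python-hg": {}, "new-entry-a": {}, "new-entry-b": {}}},
    "backup-secret": {
        "directories": {
            "python-hg": {"ssh_key": "PLACEHOLDER-PRIVATE-KEY"},
            "new-entry-b": {"ssh_key": ""},
        }
    },
}

if __name__ == "__main__":
    names = sorted(SAMPLE_PILLAR["backup"]["directories"])
    for name, reason in missing_backup_keys(SAMPLE_PILLAR, names).items():
        print(f"{name}: {reason}")
```

On a real minion the pillar dictionary can be loaded from the JSON printed by `salt-call pillar.items --out=json`, which nests the data under a top-level `local` key.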

ewdurbin commented 2 months ago

I wonder if we should re-evaluate this and refactor our backup setup to a "key per host" rather than a "key per backup".

It was some time ago, but I think I initially set it up as "key per backup" so that we could have non-root users running backups. In practice that has never occurred.

ewdurbin commented 2 months ago

These are out of sync because we store the private keys in the secret pillar data. I think we could also just have Salt generate them though, which would avoid the issue we're running into here (creating a backup doesn't create the key).