Add configuration section to sync API docs (#24179)

* Add configuration section

* Add restricted root namespace alert

website/content/api-docs/system/secrets-sync.mdx

@@ -11,6 +11,56 @@ The `/sys/sync` endpoints are used to configure destinations and associate secre
 Each destination type has its own endpoint for creation & update operations, but share the same endpoints for read &
 delete operations.
 
+## Configuration
+
+The `sys/sync/config` endpoint is used to set configuration parameters for the sync system as a whole.
+
+@include 'alerts/restricted-root.mdx'
+
+| Method  | Path              |
+|:--------|:------------------|
+| `PATCH` | `sys/sync/config` |
+
+### Parameters
+
+- `disabled` `(bool: false)` - Disables sync operations from sending secrets in Vault to external destinations when
+set to true. While disabled, actions performed in Vault which trigger a sync operation will instead get queued to be
+processed once syncing is reactivated. Queued operations will have a status of `PENDING` until they are completed.
+This is provided as a safety mechanism for emergencies.
+
+### Sample payload
+```json
+{
+    "disabled": "true"
+}
+```
+
+### Sample request
+
+```shell-session
+$ curl \
+    --header "X-Vault-Token: ..." \
+    --request PATCH \
+    --data @payload.json
+    http://127.0.0.1:8200/v1/sys/sync/config
+```
+
+### Sample response
+
+```json
+{
+    "request_id": "uuid",
+    "lease_id": "",
+    "lease_duration": 0,
+    "renewable": false,
+    "data": {
+        "disabled": true
+    },
+    "warnings": null,
+    "mount_type": "system"
+}
+```
+
 ## List destinations
 
 This endpoint lists all configured sync destination names regrouped by destination type.