Tweak the updated deployment docs

[jhkennedy]

I've:

• mostly just restructured the deployment section into 3 parts and used collapsing details for the security-environment-specific sections (I'd love to use tabs, but GitHub doesn't support that)
• I added alerts to show what parts require an ASF employee to be in the loop

Since I'm making use of GitHub's markdown, I recommend reviewing the README as rendered in GitHub:
https://github.com/ASFHyP3/hyp3/blob/jhk-deploy-docs/README.md

[jhkennedy]

I called out what steps require ASF to be in the loop, but maybe we don't need to with the top-level warning?

https://github.com/ASFHyP3/hyp3/pull/2603/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R30-R34

[jtherrmann]

I think it's fine to call out these steps, but I want to clearly distinguish steps that would require ASF even if someone forks HyP3 and deploys to their own AWS account, because I feel like the expectation with an open-source project is that anyone should be able to fork and build/deploy it. If that's not the case, we should call that out. (Also see my question on the top-level warning.)

[jtherrmann]

It's not currently possible to deploy HyP3 fully independent of ASF due to our integration with ASF Vertex

Is this just referring to our use of the asf-urs cookie?

[jtherrmann]

This [!WARNING] block isn't rendering correctly for me.

[jtherrmann]

Oh, I think that none of the admonitions within the collapsible sections are rendering correctly.

[jtherrmann]

Suggested change

	> ![TIP]
	> [!TIP]

[Alex-Lewandowski]

I really appreciate this update to the deployment docs. The instructions are easy to understand and follow. The drop-down sections improve navigation. I added a few comments, mostly minor. There are a couple of broken links.

[Alex-Lewandowski]

The list of steps below could be ordered. Change "navigating" to "Navigate."

[Alex-Lewandowski]

Line 108: "Set the account-wide..." -> "Account-wide..."

[Alex-Lewandowski]

Add a note indicating that the following jpl.nasa.gov links are only reachable if you have been given access.

[Alex-Lewandowski]

Or not, idk. There are multiple links in this doc that require permission to access. We could add a disclaimer at the top, or maybe it's not necessary.

[Alex-Lewandowski]

Broken link

[Alex-Lewandowski]

Missing an "in": "associated JPL-managed AWS account an AWS SecretsManager" -> "associated JPL-managed AWS account in an AWS SecretsManager"

[Alex-Lewandowski]

Suggested change

	> with the same name as the service user. They automatically rotated by JPL every 90 days and so
	> with the same name as the service user. JPL automatically rotates them every 90 days and so

[Alex-Lewandowski]

Suggested change

	5. Log into Vertex as the new user, and confirm you can download files, e.g. https://datapool.asf.alaska.edu/METADATA_SLC/SA/S1A_IW_SLC__1SDV_20230130T184017_20230130T184044_047017_05A3C3_381F.iso.xml
	5. Log into Vertex as a new user and confirm you can download files, e.g. https://datapool.asf.alaska.edu/METADATA_SLC/SA/S1A_IW_SLC__1SDV_20230130T184017_20230130T184044_047017_05A3C3_381F.iso.xml

[Alex-Lewandowski]

Suggested change

	<summary>##### JPL: Allow a public HyP3 content bucket for JPL accounts</summary>
	<summary>JPL: Allow a public HyP3 content bucket for JPL accounts</summary>

[Alex-Lewandowski]

Suggested change

	<summary>##### All: Grant AWS account permission to pull the hyp3-gamma container</summary>
	<summary>All: Grant AWS account permission to pull the hyp3-gamma container</summary>

[Alex-Lewandowski]

Suggested change

	> JPL deployments _must_ start with the JPL security environment, but can be migrated to the `JPL-public` one
	> JPL deployments _must_ start with the JPL security environment, but can be migrated to `JPL-public`