[1.82.0]
Update Vault to 1.21.0
Full Changelog
auth/ldap: fix MFA/TOTP enforcement bypass when username_as_alias is enabled.
activity: Renamed timestamp in export API response to token_creation_time.
http: Add configurable limits to HTTP handling of JSON payloads: max_json_depth, max_json_string_value_length, max_json_object_entry_count, max_json_array_element_count.
AES-CBC in Transit (Enterprise): Add support for encryption and decryption with AES-CBC in the Transit Secrets Engine.
KV v2 Version Attribution: Vault now includes attribution metadata for versioned KV secrets. This allows lookup of attribution information for each version of KV v2 secrets from CLI and API.
Login MFA TOTP Self-Enrollment (Enterprise): Simplify creation of login MFA TOTP credentials for users, allowing them to self-enroll MFA TOTP using a QR code (TOTP secret) generated during login. The new functionality is configurable on the TOTP login MFA method configuration screen and via the enable_self_enrollment parameter in the API.
activity (enterprise): Fix development_cluster setting being overwritten on performance secondaries upon cluster reload.
auth/cert: Recover from partially populated caches of trusted certificates if one or more certificates fails to load.
auth/spiffe: Address an issue updating a role with overlapping workload_id_pattern values it previously contained.
core: Role-based quotas now work for cert auth.