Clarify ACME challenge scheduling behaviour

[wallrj]

What this PR does

Clarifies the ACME challenge scheduling documentation.

This updates the ACME concepts, configuration, and troubleshooting pages to explain that challenge scheduling is intentionally conservative, and that the scheduler should be understood as a coarse back-pressure mechanism rather than a fairness or policy layer.

Related to cert-manager/cert-manager#8781 and cert-manager/cert-manager#8643.

Why

The current documentation explains what the scheduler does, but not clearly why it behaves this way.

In particular, this PR adds context that:

• cert-manager self-checks from a single network and DNS viewpoint;
• different solver backends do not reliably imply independent ACME-visible validation paths;
• the scheduler therefore keeps a coarse conflict key by design; and
• multi-tenant isolation and DNS-name ownership constraints are better handled through policy, approval, admission, or separate deployments.

It also adds cross-links from the ACME configuration and troubleshooting pages back to the concepts page, and to the policy documentation.

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wallrj for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[netlify]

✅ Deploy Preview for cert-manager ready!

Built without sensitive environment variables

Name	Link
🔨 Latest commit	d41b2b0
🔍 Latest deploy log	https://app.netlify.com/projects/cert-manager/deploys/6a041c02ecf5990008aa9feb
😎 Deploy Preview	https://deploy-preview-2097--cert-manager.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[wallrj]

I have expanded this section because the corresponding code change in cert-manager/cert-manager#8781 is primarily documenting design intent rather than altering behaviour. The aim here is to make the same reasoning visible to documentation readers: the scheduler is intentionally conservative because a single cert-manager instance performs self-checks from one network and DNS viewpoint, and this is not the right layer to enforce multi-tenant isolation or DNS-name ownership policy.