rfc: warn about PVs on recreation

Signed-off-by: Moritz Sanft <[email protected]>

rfc/terraform-provider.md

@@ -86,7 +86,9 @@ The `constellation_cluster` resource is the main resource implemented by the pro
 It declares a Constellation cluster with a specific configuration.
 Applying it will create the cluster if not existing, upgrade the cluster when the changes can be performed in place (e.g. K8s / node image / microservice update) *or*
 recreate the resource when the update can't be performed in-place (e.g. changing the master secret), update it with the according configuration if already existing,
-or deletes it if not present in the configuration but in the state.
+or deletes it if not present in the configuration but in the state. If resource recreation is necessary (i.e. if the resources cannot be updated in-place), an
+[error](https://developer.hashicorp.com/terraform/plugin/framework/migrating/attributes-blocks/force-new#framework) is thrown that indicates that content on previously created
+persistent volumes (encrypted with the old mastersecret) cannot be retrieved with the post-recreation / new mastersecret.
 
 The "constellation_attestation" and "constellation_image" objects are [data sources](https://developer.hashicorp.com/terraform/language/data-sources),
 which are objects that should be evaluated by the Provider each time the state is refreshed (i.e. each time any Terraform command that evaluates configuration against state),