
Document proper storage of backup USB device passphrase

Open simonft opened this issue 4 years ago • 0 comments

Describe the change

The SecureDrop docs suggest storage methods for the various passphrases and secrets; however, no suggestion is made for the backup passphrase. Adding a suggestion would be helpful.

How will this impact users?

If this passphrase is compromised, there are serious security issues, and if it's lost and not noticed before a USB device fails, it's possible a lot of the infrastructure will need to be rebuilt, the submission key changed, and existing submissions lost. A suggestion of a storage location for this passphrase will lessen risk for admins setting up the system.

User Research Evidence

None other than me having to think about this for a while when going through setup.

Additional context

My intuition is that the backup USB device passphrase is as important to keep secret as the workstation and SVS passwords, and therefore should not be written down or recorded on a device not treated with similar care. Obviously storing it in the password managers of just one of the USBs being backed up is not a good idea, but maybe storing it on both a workstation and the SVS is a good answer? Remembering it is hard and somewhat risky, as it's used less frequently than the persistent storage passphrases and thus more likely to be forgotten.

https://docs.securedrop.org/en/stable/passphrases.html documents most/all of the other passphrases but not the backup device one. https://docs.securedrop.org/en/stable/passphrase_best_practices.html?highlight=passphrase#for-journalists-admins suggests (by omission) that the backup passphrase isn't one that needs to be remembered.

simonft, Jan 20 '22 18:01