Backport of docs: include Consul namespace claim mapping in auth config example (#26730) (#26734)

When configuring Nomad Enterprise with Consul Enterprise and multiple
namespaces, you need to include the `consul_namespace` mapping in the auth
method configuration. Otherwise you'll see an error like "unknown variable
accessed: value.consul_namespace". There's no example of the updated auth method
configuration you need, which makes this detail unclear when we're showing the
claim being used in the following `consul acl auth-method create` command.

Co-authored-by: Tim Gross <[email protected]>

Author: hc-github-team-nomad-core

website/content/docs/integrations/consul/acl.mdx

@@ -263,9 +263,33 @@ Consul Enterprise supports multiple namespaces and Nomad Enterprise allows jobs
 to use the [`consul.namespace`][] parameter to register services and read KV
 data from different Consul namespaces.
 
-In a multi-namespace environment, you should create the auth method and binding
-rules in the `default` namespace and configure the auth method with a set of
-[`NamespaceRules`][].
+In Nomad Enterprise, workload identities for tasks and services placed within
+the scope of a `consul` block with a `namespace` value, have an additional claim
+called `consul_namespace` that represents the Consul namespace defined in Nomad
+for the workload. In a multi-namespace environment, you should configure the
+auth method to include the `consul_namespace` claim mapping.
+
+<CodeBlockConfig highlight="6" filename="auth-method.json">
+
+```json
+{
+  "JWKSURL": "https://nomad.example.com:4646/.well-known/jwks.json",
+  "JWTSupportedAlgs": ["RS256"],
+  "BoundAudiences": ["consul.io"],
+  "ClaimMappings": {
+    "consul_namespace": "consul_namespace",
+    "nomad_namespace": "nomad_namespace",
+    "nomad_job_id": "nomad_job_id",
+    "nomad_task": "nomad_task",
+    "nomad_service": "nomad_service"
+  }
+}
+```
+
+</CodeBlockConfig>
+
+You should create the auth method and binding rules in the `default` Consul
+namespace and configure the auth method with a set of [`NamespaceRules`][].
 
 ```shell-session
 $ consul acl auth-method create \
@@ -278,18 +302,13 @@ $ consul acl auth-method create \
 
 Similarly to binding rules, namespace rules have a [`Selector`][] expression to
 determine when the rule should be applied and a [`BindNamespace`][] value that
-defines the namespace used.
+defines the Consul namespace used.
 
 Auth methods with a namespace rule create Consul tokens in that Consul
 namespace. Binding rules with `-bind-type role` also target a role and
-associated policies in that same Consul namespace. So you should create the
-auth method and binding rules in the default namespace, and the role and
-policies in the target namespaces.
-
-In Nomad Enterprise, workload identities for tasks and services placed within
-the scope of a `consul` block with a `namespace` value, have an additional
-claim called `consul_namespace` that represents the Consul namespace defined
-in Nomad for the workload.
+associated policies in that same Consul namespace. So you should create the auth
+method and binding rules in the default Consul namespace, and the role and
+policies in the target Consul namespaces.
 
 <CodeBlockConfig highlight="9-11" filename="example.nomad.hcl">