Revert "Revert "OCPBUGS-48192: clarifying the role of the root cred in CCO mint mode""

authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc

@@ -11,9 +11,14 @@ Mint mode is the default Cloud Credential Operator (CCO) credentials mode for {p
 [id="mint-mode-about"]
 == Mint mode credentials management
 
-For clusters that use the CCO in mint mode, the administrator-level credential is stored in the `kube-system` namespace. The CCO uses the `admin` credential to process the `CredentialsRequest` objects in the cluster and create users for components with limited permissions.
+For clusters that use the CCO in mint mode, the administrator-level credential is stored in the `kube-system` namespace. 
+The CCO uses the `admin` credential to process the `CredentialsRequest` objects in the cluster and create users for components with limited permissions.
 
-With mint mode, each cluster component has only the specific permissions it requires. The automatic, continuous reconciliation of cloud credentials in mint mode allows actions that require additional credentials or permissions, such as upgrading, to proceed.
+With mint mode, each cluster component has only the specific permissions it requires.
+Cloud credential reconciliation is automatic and continuous so that components can perform actions that require additional credentials or permissions.
+
+For example, a minor version cluster update (such as updating from {product-title} 4.16 to 4.17) might include an updated `CredentialsRequest` resource for a cluster component.
+The CCO, operating in mint mode, uses the `admin` credential to process the `CredentialsRequest` resource and create users with limited permissions to satisfy the updated authentication requirements.
 
 [NOTE]
 ====