DOCS-1191: Updating SSE params, general fixups (#1295)

Closes #1191 

# Summary

Finally getting around to this mc release

- Added docs for enc-c, enc-s3, enc-kms
- Some docs are making assumptions around behavior that needs to be
fixed _first_
- Drive-by linker fixes

Staged: http://192.241.195.202:9000/staging/DOCS-1191/linux/index.html

---------

Co-authored-by: Andrea Longo <feorlen@users.noreply.github.com>
Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>

source/includes/common-minio-sse.rst

@@ -23,4 +23,115 @@ MinIO generates a random 256-bit unique Object Encryption Key (OEK) and uses tha
 MinIO never stores the plaintext representation of the OEK on a drive. 
 The plaintext OEK resides in RAM during cryptographic operations.
 
-.. end-sse-oek
+.. end-sse-oek
+
+.. start-minio-mc-sse-options
+
+.. mc-cmd:: --enc-kms
+
+   Encrypt or decrypt objects using server-side :ref:`SSE-KMS encryption <minio-sse>` with client-managed keys.
+   
+   The parameter accepts a key-value pair formatted as ``KEY=VALUE``
+
+   .. list-table::
+      :stub-columns: 1
+      :widths: 30 70
+      :width: 100%
+
+      * - ``KEY``
+        - The full path to the object as ``alias/bucket/path/object.ext``.
+
+          You can specify only the top-level path to use a single encryption key for all operations in that path.
+
+      * - ``VALUE``
+        - Specify an existing data key on the external KMS.
+        
+          See the :mc-cmd:`mc admin kms key create` reference for creating data keys.
+
+   For example:
+
+   .. code-block:: shell
+
+      --enc-kms "myminio/mybucket/prefix/object.obj=mybucketencryptionkey"
+
+   You can specify multiple encryption keys by repeating the parameter.
+
+   Specify the path to a prefix to apply encryption to all matching objects at that path:
+
+   .. code-block:: shell
+
+      --enc-kms "myminio/mybucket/prefix/=mybucketencryptionkey"
+
+.. mc-cmd:: --enc-s3
+   :optional:
+
+   Encrypt or decrypt objects using server-side :ref:`SSE-S3 encryption <minio-sse>` with KMS-managed keys.
+   Specify the full path to the object as ``alias/bucket/prefix/object``.
+
+   For example:
+
+   .. code-block:: shell
+
+      --enc-s3 "myminio/mybucket/prefix/object.obj"
+
+   You can specify the parameter multiple times to denote different object(s) to encrypt:
+
+   .. code-block:: shell
+
+      --enc-s3 "myminio/mybucket/foo/fooobject.obj" --enc-s3 "myminio/mybucket/bar/barobject.obj"
+
+   Specify the path to a prefix to apply encryption to all matching objects at that path:
+
+   .. code-block:: shell
+
+      --enc-s3 "myminio/mybucket/foo"
+
+.. start-minio-mc-sse-c-only
+
+.. mc-cmd:: --enc-c
+   :optional:
+
+   Encrypt or decrypt objects using server-side :ref:`SSE-C encryption <minio-sse>` with client-managed keys.
+   
+   The parameter accepts a key-value pair formatted as ``KEY=VALUE``
+
+   .. list-table::
+      :stub-columns: 1
+      :widths: 30 70
+      :width: 100%
+
+      * - ``KEY``
+        - The full path to the object as ``alias/bucket/path/object.ext``.
+
+          You can specify only the top-level path to use a single encryption key for all operations in that path.
+
+      * - ``VALUE``
+        - Specify either a 32-byte RawBase64-encoded key *or* a 64-byte hex-encoded key for use with SSE-C encryption.
+          
+          Raw Base64 encoding **rejects** ``=``-padded keys.
+          Omit the padding or use a Base64 encoder that supports RAW formatting.
+
+   - ``KEY`` - the full path to the object as ``alias/bucket/path/object``.
+   - ``VALUE`` - the 32-byte RAW Base64-encoded data key to use for encrypting object(s).
+
+   For example:
+
+   .. code-block:: shell
+
+      # RawBase64-Encoded string "mybucket32byteencryptionkeyssec"
+      --enc-c "myminio/mybucket/prefix/object.obj=bXlidWNrZXQzMmJ5dGVlbmNyeXB0aW9ua2V5c3NlYwo"
+
+   You can specify multiple encryption keys by repeating the parameter.
+
+   Specify the path to a prefix to apply encryption to all matching objects at that path:
+
+   .. code-block:: shell
+
+      --enc-c "myminio/mybucket/prefix/=bXlidWNrZXQzMmJ5dGVlbmNyeXB0aW9ua2V5c3NlYwo"
+
+   .. note::
+
+      MinIO strongly recommends against using SSE-C encryption in production workloads.
+      Use SSE-KMS via the ``--enc-kms`` or SSE-S3 via ``--enc-s3`` parameters instead.
+
+.. end-minio-mc-sse-options