docs: Add missing client settings pages to navigation (#688)

Add all 5 system tray settings under Client > Settings: Allow SSH,
Block Inbound Connections, Connect on Startup, Enable Lazy Connections,
and Enable Quantum-Resistance. Allow SSH and Enable Lazy Connections
redirect to existing docs. Connect on Startup is a new page. Renames
Post-Quantum Cryptography heading to Enable Quantum-Resistance to match
the GUI label.

next.config.mjs

@@ -505,6 +505,16 @@ const nextConfig = {
                 permanent: true,
             },
             // documentation redirects for client
+            {
+                source: '/client/allow-ssh',
+                destination: '/manage/peers/ssh#enabling-ssh',
+                permanent: true,
+            },
+            {
+                source: '/client/enable-lazy-connections',
+                destination: '/manage/peers/lazy-connection',
+                permanent: true,
+            },
             {
                 source: '/how-to/profiles',
                 destination: '/client/profiles',

src/components/NavigationDocs.jsx

@@ -665,12 +665,24 @@ export const docsNavigation = [
         title: 'Settings',
         isOpen: false,
         links: [
+          {
+            title: 'Allow SSH',
+            href: '/client/allow-ssh',
+          },
           {
             title: 'Block Inbound Connections',
             href: '/client/block-inbound-connections',
           },
           {
-            title: 'Post-Quantum Cryptography',
+            title: 'Connect on Startup',
+            href: '/client/connect-on-startup',
+          },
+          {
+            title: 'Enable Lazy Connections',
+            href: '/client/enable-lazy-connections',
+          },
+          {
+            title: 'Enable Quantum-Resistance',
             href: '/client/post-quantum-cryptography',
           },
         ],

src/pages/client/connect-on-startup.mdx

@@ -0,0 +1,52 @@
+import {Note} from "@/components/mdx";
+
+# Connect on Startup
+
+The Connect on Startup setting controls whether the NetBird client automatically connects to the network when the service starts. When enabled (the default), the client establishes a connection as soon as the NetBird service launches — for example, after a system reboot or service restart.
+
+## When to use it
+
+- **Always-on connectivity** (default): Keep the peer connected to the NetBird network at all times, ensuring it is reachable and can access remote resources immediately after boot.
+- **Manual connection control**: Disable this setting if you prefer to connect only when needed, such as on laptops that switch between networks or in environments where you want to minimize background activity.
+- **Conditional startup**: Useful in scripted or automated environments where you want the NetBird service running but only connect on demand.
+
+## What it does
+
+When Connect on Startup is **enabled** (default behavior):
+- The NetBird client automatically connects to the management service and joins the network when the service starts.
+- The peer becomes reachable by other peers immediately after boot.
+
+When Connect on Startup is **disabled**:
+- The NetBird service starts but does not connect automatically.
+- You must manually run `netbird up` or use the system tray to connect.
+- The peer remains offline until an explicit connection is initiated.
+
+<Note>
+    Whether the device successfully connects also depends on the <a href="/manage/settings/enforce-periodic-user-authentication">Peer Session Expiration</a> setting under Settings &gt; Authentication. If the peer's session has expired, the user must reauthenticate before the peer can connect.
+</Note>
+
+## Enabling via the system tray
+
+1. Click the NetBird icon in the system tray.
+2. Go to **Settings**.
+3. Click **Connect on Startup** to toggle the setting.
+
+When enabled, a checkmark will appear next to the menu item.
+
+## Enabling via the CLI
+
+Connect on Startup is enabled by default. To disable it:
+
+```bash
+netbird up --disable-auto-connect
+```
+
+To re-enable it:
+
+```bash
+netbird up --disable-auto-connect=false
+```
+
+<Note>
+    When toggling this setting via the CLI, the system tray UI may not reflect the change until the NetBird GUI is restarted.
+</Note>

src/pages/client/post-quantum-cryptography.mdx

@@ -1,6 +1,6 @@
 import {Note} from "@/components/mdx";
 
-# Post-quantum cryptography
+# Enable Quantum-Resistance
 Post-quantum cryptography aims to mitigate risks associated with quantum computing's potential to undermine existing encryption methods.
 Current concerns include the possibility of bad actors collecting encrypted network traffic to decrypt it once quantum computers become available.
 This 'harvest and decrypt later' strategy threatens the confidentiality of presently secure communications.