Expand Up @@ -189,6 +189,15 @@ privileges:
earlier, whichever is shorter. Otherwise, set the duration of elevated
privileges to the session TTL.

### Setting when users can assume elevated privileges

When creating or reviewing Access Requests, you can specify the earliest time
that a user can assume elevated privileges by using the `--assume-start-time`
flag. This flag is available for the
[`tsh request create`](../../reference/cli/tsh.mdx#tsh-request-create) and [`tsh request
review`](../../reference/cli/tsh.mdx#tsh-request-review) commands. The format accepted
is defined in [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339), e.g, `2023-12-12T23:20:50.52Z`.

### The `request.max_duration` field

The `max_duration` option indicates the maximum length of time that a user is
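Review bot: The new "Setting when users can assume elevated privileges" section says the flag works on both `tsh request create` and `tsh request review`, but it does not say which value wins when the requester and a reviewer supply different start times. It also does not say how a start time interacts with the elevated-privilege duration described just above, for example a start time that is already in the past or later than the point where the request would expire. Please add a sentence on precedence and on those edge cases. It would also help to state that the timestamp must carry an explicit `Z` or numeric UTC offset, as RFC 3339 requires, so readers do not pass a local time. Minor: "e.g," should be "e.g.,".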
2 changes: 2 additions & 0 deletions docs/pages/reference/cli/tsh.mdx
Expand Up @@ -1077,6 +1077,7 @@ $ tsh request create [<flags>]
| `--request-ttl` | 1 hour | Relative duration like `5s`, `2m`, or `3h`, | Defines how long the Access Request will be in a `PENDING` state before becoming invalid |
| `--session-ttl` | Time left on current session | Relative duration like `5s`, `2m`, or `3h` | Defines how long the elevated session will be valid for |
| `--max-duration` | none | Relative duration like `5s`, `2m`, `3h`, or `7d` | Defines the maximum duration of the elevated session up to 7 days. The assigned role also must have `max_duration` option specified (optional) |
| `--assume-start-time` | none | String | Sets time roles can be assumed by requestor (RFC3339) |

<Admonition type="tip" title="Note">
The `--request-ttl` and `--session-ttl` values can not be greater than the
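Review bot: In the new `--assume-start-time` row, the allowed-values cell says only "String", while the neighbouring rows show the accepted format with examples ("Relative duration like `5s`, `2m`, or `3h`"). Suggest something like "RFC 3339 timestamp like `2023-12-12T23:20:50.52Z`" in that column so the format is not hidden in the description. The description "Sets time roles can be assumed by requestor (RFC3339)" would read better as "Sets the earliest time at which the requester can assume the requested roles", and "RFC3339" should match the "RFC 3339" spelling used in the guide. The note under the table covers limits for `--request-ttl` and `--session-ttl`; if the start time is bounded in a similar way, that belongs here too.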
Expand Down Expand Up @@ -1140,6 +1141,7 @@ $ tsh request review [<flags>] <request-id>
| `--approve` | `false` | `true` or `false` | Review proposes approval |
| `--deny` | `false` | `true` or `false` | Review proposes denial |
| `--reason` | none | String | Review reason message |
| `--assume-start-time` | none | String | Sets time roles can be assumed by requestor (RFC3339) |
EdwardDowling marked this conversation as resolved.

### Arguments
