Remove Vercel mention from Next.js docs (#86801)

I think overall it's not appropriate to add Vercel-specific caveats to
these guides because they make it look like they're upselling Vercel.
I've edited to emphasize the self-hosting condition instead, from which
one should be able to infer it doesn't apply to Vercel.

Co-authored-by: Joseph <joseph.chamochumbi@vercel.com>

Author: gaearon

docs/01-app/02-guides/data-security.mdx

@@ -397,14 +397,12 @@ However, for this to happen, the captured variables are sent to the client and b
 
 ### Overwriting encryption keys (advanced)
 
-When self-hosting your Next.js application across multiple servers, each server instance may end up with a different encryption key, leading to potential inconsistencies.
+When **self-hosting** your Next.js application across multiple servers, each server instance may end up with a different encryption key, leading to potential inconsistencies.
 
 To mitigate this, you can overwrite the encryption key using the `process.env.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY` environment variable. Specifying this variable ensures that your encryption keys are persistent across builds, and all server instances use the same key. This variable **must** be AES-GCM encrypted.
 
 This is an advanced use case where consistent encryption behavior across multiple deployments is critical for your application. You should consider standard security practices such key rotation and signing.
 
-> **Good to know:** Next.js applications deployed to Vercel automatically handle this.
-
 ### Allowed origins (advanced)
 
 Since Server Actions can be invoked in a `<form>` element, this opens them up to [CSRF attacks](https://developer.mozilla.org/en-US/docs/Glossary/CSRF).