Introduce a separate controller for Certificate management

[skhalash]

Description

Currently, certificate management is fragmented across multiple areas. The process can be described as follows:

• In the main function, a CA certificate is initialized and stored in a newly created secret. If the secret already exists, the system checks whether the certificate is still valid, ensuring it hasn't expired and that the key meets the required length. Additionally, a server certificate is generated and signed with the CA certificate. A validating webhook configuration is created, and the CRD conversion webhook configuration is patched accordingly.

• In the telemetry reconciler, the secret is updated with telemetry as the owner. The validating webhook configuration is invalidated when necessary. If telemetry is about to be deleted (guarded by a finalizer), the validating webhook configuration is cleaned up.

To summarize, the following issues exist:

• The workflow is fragmented across multiple areas, making it difficult to maintain a clear overview.
• Certificate management is unnecessarily coupled to the Telemetry CR lifecycle, even though the two are unrelated.

As an alternative, it is a common practice to introduce a separate controller that takes care of certificate lifetime. Here are some examples:
https://github.com/kyma-project/api-gateway/blob/main/controllers/certificate/certificate_controller.go
https://github.com/knative/pkg/blob/main/webhook/certificates/certificates.go

[github-actions]

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
Thank you for your contributions.