Add webhook secret and ValidatingWebhookConfiguration certificate management

[barkbay]

This pr automatically fills the Secret and the ValidatingWebhookConfiguration of the webhook with some certificates.

A few notes:

• since the Secret and the ValidatingWebhookConfiguration must be setup before the manager is started this code use a "native" K8S client.
• a controller is started to watch the content of the resources and trigger an update before the certificates expire.
• contrary to what I said a CA is setup and is used to sign the webhook server certificate. The secret key of the CA is not kept, a new one is created if needed.

TODO:

• still need to do some tests with the cert. manager - it works, user can switch to a "self-managed" certificates to a "cert manager" scenario
• update the already opened pr
• it needs follow-up pr is to add some documentations.

[barkbay]

I have updated the comment, I just did a quick test and the user can switch from a "self-managed" certificates mode to a "cert manager" scenario. The existing Secret, even if there already are some certificates, is "adopted" by the certificate manager.

I will create some documentation in a dedicated pr and update the existing one if we agree on the general idea proposed by this one.

[pebrc]

Looks pretty good to me. A few initial comments. Still trying to understand what are the trade offs of using a native client. Also want to give it a spin.

[anyasabo]

This is maybe overthinking it. I wonder if we want the secret to be in this file, because right now this yaml on its own will fail to deploy because the secret doesn't exist. You would need to deploy the webhook yaml also.

That might be a usability thing we can punt on in this PR though. I think right now most people will have the ability to deploy everything, and those that don't have the ability to edit yaml files. We might want to adjust in the future but this should work for now.

[pebrc]

LGTM