Allow Dynamic Certificate Cert/Keys in Generated Secret #1237

Open
scottd018 opened this issue Jul 20, 2022 · 1 comment
Labels
enhancement New feature or request priority/undecided Not yet prioritized

Comments

@scottd018

Is your feature request related to a problem? Please describe.

Not a problem, per se, but hard-coded backend values do not fit my use case. For my use case, which is a Government compliance use case, I may not use self-signed certificates anywhere in my cluster, so I must replace them with trusted certificates.

Describe the solution you'd like

Allow for the configuration of hard-coded TLS keys/certs values to become configurable when provisioning the following certificates:

  • pinniped-concierge-api-tls-serving-certificate
  • pinniped-concierge-impersonation-proxy-signer-ca-certificate
  • pinniped-concierge-impersonation-proxy-tls-serving-certificate
  • pinniped-concierge-impersonation-proxy-ca-certificate

The following are currently hard-coded (there may be others as well):

https://github.com/vmware-tanzu/pinniped/blob/main/internal/controller/apicerts/certs_manager.go#L23-L26

Allowing these to become configurable will allow unpredictable use cases to become attainable when keys/values for consuming these certificates are expected to be in a different format. Configuration can default to the current values if no additional configuration is provided.

Describe alternatives you've considered

I've considered using External Secrets as a translation layer, but this is currently not possible with their implementation. See comment external-secrets/external-secrets#850 (comment).

Are you considering submitting a PR for this feature?

Right now, I will not have time to support a PR for this feature, but I would like to if I can ever catch up.

Additional context

See conversation on Slack at https://kubernetes.slack.com/archives/C01BW364RJA/p1658264659180309

@scottd018 scottd018 changed the title Allow Dynamic Certificate Keys Allow Dynamic Certificate Cert/Keys in Generated Secret Jul 20, 2022
@pinniped-ci-bot pinniped-ci-bot added enhancement New feature or request priority/undecided Not yet prioritized labels Sep 21, 2022
@simonfelding

This would be really good to have.
