ROX-29674: Sync caBundle changes to ValidatingWebhookConfiguration

[vladbologa]

Description

WIP, doesn't really work yet.

Try to propagate CA bundle changes from a ConfigMap that Sensor manages to the ValidatingWebhookConfiguration of the Admission Controller. This is so that admission-control can still function if its leaf certificate is rotated and it is now signed by a different CA than the original one (used at installation time).

User-facing documentation

• CHANGELOG.md is updated OR update is not needed
• documentation PR is created and is linked above OR is not needed

Testing and quality

• the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
• CI results are inspected

Automated testing

• added unit tests
• added e2e tests
• added regression tests
• added compatibility tests
• modified existing tests

How I validated my change

change me!

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[rhacs-bot]

Images are ready for the commit at 5e83358.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-49-g5e83358df6.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 58 lines in your changes missing coverage. Please review.

Project coverage is 48.78%. Comparing base (993dbb5) to head (5e83358).

Files with missing lines	Patch %	Lines
...extensions/reconcile_admissioncontrol_ca_bundle.go	0.00%	47 Missing ⚠️
operator/internal/utils/predicates.go	0.00%	11 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #15706      +/-   ##
==========================================
- Coverage   48.79%   48.78%   -0.01%     
==========================================
  Files        2590     2591       +1     
  Lines      190492   190550      +58     
==========================================
+ Hits        92957    92969      +12     
- Misses      90236    90283      +47     
+ Partials     7299     7298       -1     

Flag	Coverage Δ
go-unit-tests	48.78% <0.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.