Helm: setup TLS by default with trust-manager #2360

@jotak

Currently, our installation guide suggests disabling TLS (by default) between the agent pods and flowlogs-pipeline; if they want TLS, users need to provide their certificates in the right format.

The installation process currently relies just on cert-manager. It's not sufficient, or not well adapted, for agent-to-flp communication, as the two components are in different namespaces. With just cert-manager, we can easily create a certificate for the flowlogs-pipeline service, but not have the CA available in the agent namespace, netobserv-privileged.

Trust-manager seems to be the solution. It should allow us to synchronize the desired CA across namespaces.

It's designed to complement cert-manager and works well when consuming CA certificates used by a cert-manager Issuer or ClusterIssuer.

It might also be useful for mTLS.
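One way the cross-namespace CA distribution described in this issue can be wired up with cert-manager and trust-manager, as an added example that is not part of the original issue or the NetObserv Helm chart. All resource names (`netobserv-selfsigned`, `netobserv-ca`, `netobserv-ca-bundle`) are assumptions, as is a trust-manager install that uses its default trust namespace, `cert-manager`.

```yaml
# Added illustration; resource names are assumptions, not NetObserv chart values.
# 1. Self-signed bootstrap issuer, used only to mint the CA.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: netobserv-selfsigned
spec:
  selfSigned: {}
---
# 2. CA certificate. Its Secret lives in trust-manager's trust namespace
#    (cert-manager by default), the only namespace Bundles read Secrets from.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: netobserv-ca
  namespace: cert-manager
spec:
  isCA: true
  commonName: netobserv-ca
  secretName: netobserv-ca
  issuerRef:
    name: netobserv-selfsigned
    kind: ClusterIssuer
---
# 3. CA issuer that can sign the flowlogs-pipeline serving certificate.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: netobserv-ca
spec:
  ca:
    secretName: netobserv-ca
---
# 4. Bundle: publishes only the CA certificate (never the private key)
#    as a ConfigMap in the agent namespace.
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: netobserv-ca-bundle
spec:
  sources:
    - secret:
        name: netobserv-ca
        key: tls.crt
  target:
    configMap:
      key: ca.crt
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: netobserv-privileged
```

trust-manager writes the target ConfigMap under the Bundle's name, so the agent pods would mount `netobserv-ca-bundle` and trust its `ca.crt` key. Restricting `namespaceSelector` to `netobserv-privileged` keeps the bundle from being copied into every namespace in the cluster.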

Status

In review
