ref(cert): update Manager to support mult clients

[jaellio]

Description:

Supports multiple clients in Manager struct. Refactoring
as a part of the root cert rotation work. During root cert
rotation, there will be 2 CertManagers - the CertManager
being rotated in and the CertManager being rotated out as
specified in the MeshRootCertificates.

The ca is moved from the Manager to the CertManagers
for each cert provider.

Part of #4502

Testing done:

• CI

Affected area:

Functional Area
Certificate Management	[x]

Please answer the following questions with yes/no.

1. Does this change contain code from or inspired by another project? no

   • Did you notify the maintainers and provide attribution?

2. Is this a breaking change? no

3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)?

[codecov-commenter]

Codecov Report

Merging #4705 (9b24453) into main (ddd10e2) will increase coverage by 0.10%.
The diff coverage is 33.33%.

@@            Coverage Diff             @@
##             main    #4705      +/-   ##
==========================================
+ Coverage   69.45%   69.56%   +0.10%     
==========================================
  Files         217      218       +1     
  Lines       15490    15595     +105     
==========================================
+ Hits        10759    10848      +89     
- Misses       4681     4697      +16     
  Partials       50       50              

Flag	Coverage Δ
unittests	69.56% <33.33%> (+0.10%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...icate/providers/certmanager/certificate_manager.go	29.56% <0.00%> (-0.53%)	⬇️
...ertificate/providers/tresor/certificate_manager.go	63.63% <0.00%> (-1.32%)	⬇️
pkg/certificate/types.go	100.00% <ø> (ø)
...certificate/providers/vault/certificate_manager.go	58.57% <6.66%> (-14.65%)	⬇️
pkg/certificate/fake_manager.go	41.17% <100.00%> (+9.92%)	⬆️
pkg/certificate/manager.go	83.33% <100.00%> (+1.02%)	⬆️
pkg/certificate/providers/config.go	76.78% <100.00%> (+3.39%)	⬆️
pkg/certificate/providers/certmanager/helpers.go	0.00% <0.00%> (-20.41%)	⬇️
pkg/certificate/providers/tresor/ca.go	61.40% <0.00%> (-8.46%)	⬇️
... and 11 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ddd10e2...9b24453. Read the comment docs.

[steeling]

not a big deal, but you could keep these as one function

[jaellio]

I split this up in order to make the client creation (without adding the root certificate) testable. Do you have any suggestions for how to keep this a single function without requiring too much refactoring of the tests?

[steeling]

oh i see. Ya you can leave as is.

Alternatively you could do something like

// package level
type getRootCAFunc func(c *CertManager)
var getRootCA = func() {...} // fill in with current getRootCa (not a function not a method)

then in tests, before running:

getRootCA = func(){...} // overridden for testing

Up to you!

[nojnhuh]

Is pkg/certificate/temp necessary to keep? I didn't see it referenced in the diff and it looks like unit tests pass without it.