Webhook Certificates should be generated by the operator #5224

@justinsb

Currently the webhook pods generate their own certificates and update the ValidatingWebhookConfiguration / MutatingWebhookConfiguration with those certificates.

This is less secure than if the operator did it, and creates complexity because we would like to have a single component responsible for applying manifests.

In particular, when the webhook is scaled (e.g. using HPA) coordination between the pods during a certificate rotation is difficult, and this can lead to certificate errors.
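
An added illustration, not part of the issue or the project's code, of why uncoordinated per-pod certificates cause verification errors while a single issuer does not. It assumes a simplified model in which each pod creates its own CA and the last pod to write replaces `caBundle`; `svcName`, `must`, `issue` and `trusted` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const svcName = "webhook.example-system.svc" // constructed Service DNS name

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{svcName},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // self-signed CA
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

func trusted(caBundle, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(caBundle) // the only CA a webhook client is told to trust
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: svcName})
	return err == nil
}

func main() {
	caA, keyA := issue("pod-a-ca", nil, nil) // assumed: pod A self-generates, writes caBundle
	leafA, _ := issue(svcName, caA, keyA)
	caB, _ := issue("pod-b-ca", nil, nil)    // assumed: pod B rotates, overwrites caBundle
	leaf2, _ := issue(svcName, caA, keyA)    // single issuer: another replica's certificate
	fmt.Println("before:", trusted(caA, leafA), "after B's write:", trusted(caB, leafA), "single issuer:", trusted(caA, leaf2))
}
```
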
