Unable to enter multiple CAs in SecretClass for S3 TLS verification #767

@sbernauer

This is a thing we want to support, see https://github.com/stackabletech/decisions/issues/57 for that

Description

A customer has a self-hosted S3 and multiple root CAs in their company (to do CA cert rotation).
They tried adding all 4 root CAs to a Secret and put a SecretClass on top using k8ssearch.
Afterwards they used it for TLS verification in an S3Connection, but it didn't work.

The problem was in the trino-operator: here we add all the certs contained in the ca.crt to the truststore.p12 under the same alias:

keytool -importcert -file {cert_file} -keystore {destination_directory}/truststore.p12 -storetype pkcs12 -noprompt -alias {alias_name} -storepass {STACKABLE_TLS_STORE_PASSWORD}

This way only one of the 4 root CAs ended up in the truststore, which (by pure bad luck) was one that didn't sign the S3 cert.
We worked around this by only adding the oldest living cert, which worked, but ideally we could add multiple CA certs.

Future work

This bug likely affects other operators as well.
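The import step described in the issue, as an added example that is not part of the original issue and not code from the trino-operator or any stackabletech project: a POSIX shell script that splits a ca.crt bundle into one file per certificate and runs one keytool -importcert per certificate, each under its own alias, so every root CA in the bundle ends up in truststore.p12. The function names, the ca-<n> alias scheme and the placeholder bundle written by write_sample_bundle are assumptions made for this example; the keytool flags are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example, not trino-operator or stackabletech code.
# Assumed helper names: split_pem_bundle, import_bundle,
# count_truststore_entries, write_sample_bundle.

# split_pem_bundle BUNDLE OUTDIR
# Writes each certificate in BUNDLE to OUTDIR/ca-<n>.crt and prints how many
# certificates it found. Text outside BEGIN/END CERTIFICATE blocks is dropped.
split_pem_bundle() {
  bundle="$1"; outdir="$2"
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/ca-" n ".crt"; inside = 1 }
    inside                         { print > out }
    /^-----END CERTIFICATE-----/   { inside = 0; close(out) }
    END                            { print n + 0 }
  ' "$bundle"
}

# import_bundle BUNDLE TRUSTSTORE STOREPASS [ALIAS_PREFIX]
# One keytool -importcert per certificate, each under a distinct alias
# (ca-1, ca-2, ...), so a bundle of N CAs yields N trustedCertEntry entries
# instead of only the first certificate of the file. Prints N.
import_bundle() {
  bundle="$1"; store="$2"; pass="$3"; prefix="${4:-ca}"
  workdir=$(mktemp -d) || return 1
  count=$(split_pem_bundle "$bundle" "$workdir")
  i=1
  while [ "$i" -le "$count" ]; do
    keytool -importcert -file "$workdir/ca-$i.crt" -keystore "$store" \
      -storetype pkcs12 -noprompt -alias "$prefix-$i" -storepass "$pass" \
      || { rm -rf "$workdir"; return 1; }
    i=$((i + 1))
  done
  rm -rf "$workdir"
  echo "$count"
}

# count_truststore_entries TRUSTSTORE STOREPASS
# Post-import check: prints the number of trusted certificate entries in the
# store. It should equal what import_bundle printed.
count_truststore_entries() {
  keytool -list -keystore "$1" -storetype pkcs12 -storepass "$2" \
    | grep -c 'trustedCertEntry'
}

# write_sample_bundle FILE
# Constructed input: three PEM blocks with placeholder bodies (these are not
# real certificates and keytool will reject them). Enough to exercise the
# splitter offline; use a real ca.crt bundle with import_bundle.
write_sample_bundle() {
  cat > "$1" <<'EOF'
# comment line outside any block: dropped by the splitter
-----BEGIN CERTIFICATE-----
MIIBAQ==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIBAg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBAw==
-----END CERTIFICATE-----
EOF
}

# Usage with a real bundle (paths are placeholders):
#   import_bundle ca.crt truststore.p12 "$STACKABLE_TLS_STORE_PASSWORD"
#   count_truststore_entries truststore.p12 "$STACKABLE_TLS_STORE_PASSWORD"
```

Importing the whole bundle once under a single alias is the failure mode from the issue: keytool reads only the first certificate of a multi-certificate PEM file, so whichever CA happens to be first is the only one trusted. Splitting first and giving every certificate its own alias is what makes the count from count_truststore_entries match the number of CAs in ca.crt, which is the check worth running after the truststore is built.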
