ROX-33584: Migrate cert monitor to controller-runtime

[kovayur]

Description

• Migrate cert monitor to controller-runtime
• Use label selector rhacs.redhat.com/tls to filter only stackrox TLS secrets
• Increase sync interval from 1 minute to 30 minutes
• Do not watch namespaces

Checklist (Definition of Done)

• Unit and integration tests added
• Added test description under Test manual
• Documentation added if necessary (i.e. changes to dev setup, test execution, ...)
• CI and all relevant tests are passing
• Add the ticket number to the PR title if available, i.e. ROX-12345: ...
• Discussed security and business related topics privately. Will move any security and business related topics that arise to private communication channel.
• Add secret to app-interface Vault or Secrets Manager if necessary
• RDS changes were e2e tested manually
• Check AWS limits are reasonable for changes provisioning new resources

Test manual

TODO: Add manual testing efforts

# To run tests locally run:
make db/teardown db/setup db/migrate
make ocm/setup
make verify lint binary test test/integration

[johannes94]

LGTM 👍

[johannes94]

Out of curiosity what's the reason for this local copy?

[kovayur]

To take the address of a local variable (line 167), I can't take an address of the constant.

[johannes94]

I see. Just FYI, since we're not at Go 1.26 yet. with Go 1.26 you can use new with the expressions like constants

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johannes94, kovayur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [johannes94,kovayur]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kovayur]

/retest

[openshift-ci]

New changes are detected. LGTM label has been removed.