apache / solr-operator

Official Kubernetes operator for Apache Solr
https://solr.apache.org/operator
Apache License 2.0

gen-pkcs12-keystore init container fails if the tls secret contains no ca.crt #684

Open smoldenhauer-ish opened 4 months ago

smoldenhauer-ish commented 4 months ago

Configure the solrTLS with a TLS secret that contains only a tls.crt and a tls.key. Whether there is a separate ca.crt seems to depend on the issuer, e.g. see https://github.com/cert-manager/cert-manager/issues/1571

    solrTLS:
      keyStorePasswordSecret:
        name: security
        key: password-key
      pkcs12Secret:
        name: solrcloud-tls
        key: keystore.p12

The generated init container command

    openssl pkcs12 -export -in /var/solr/tls/tls.crt -in /var/solr/tls/ca.crt -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}

fails with

    Can't open /var/solr/tls/ca.crt for reading, No such file or directory
    139805662672192:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/var/solr/tls/ca.crt','r')
    139805662672192:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:

However, if the keystore is generated with the tls.crt and tls.key as input, it works. (The tls.crt contains the full chain of certificates.)

smoldenhauer-ish commented 4 months ago

I will provide a pull request to include the -in ca.crt only if there is a ca.crt file present:

Tested:

    Command:
      sh
      -c
      OPTIONAL_CACRT=$(test -e /var/solr/tls/ca.crt && echo ' -in /var/solr/tls/ca.crt'); openssl pkcs12 -export -in /var/solr/tls/tls.crt $OPTIONAL_CACRT -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}
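The same conditional keystore build, written as an added example rather than the operator's code or the pull request above. It assumes the file names from the issue (tls.crt, tls.key, optional ca.crt under a directory, output under pkcs12/keystore.p12, password in SOLR_SSL_KEY_STORE_PASSWORD); two choices are mine, not the operator's: the optional argument is added with `set --` so it is never word-split, and the password is passed as `env:` instead of on the command line.

```shell
#!/bin/sh
# Added example, not solr-operator code. Builds the Solr keystore from a
# cert-manager style TLS secret in which ca.crt may be absent.
# Assumed layout (names from the issue): $1/tls.crt, $1/tls.key, optional
# $1/ca.crt; output $1/pkcs12/keystore.p12; password in
# SOLR_SSL_KEY_STORE_PASSWORD. Choices made here, not by the operator: the
# chain is supplied with -certfile and the password is read via env:.

# 0 when the secret shipped a non-empty CA bundle, 1 otherwise.
has_ca_cert() {
    [ -s "$1/ca.crt" ]
}

# Assemble the argument list with set -- so the optional ca.crt argument
# never goes through unquoted word splitting (paths with spaces stay whole).
# $2 substitutes a command for openssl (e.g. echo for a dry run).
build_keystore() {
    dir=$1
    runner=${2:-openssl}
    set -- pkcs12 -export \
        -in "$dir/tls.crt" \
        -inkey "$dir/tls.key" \
        -out "$dir/pkcs12/keystore.p12" \
        -passout env:SOLR_SSL_KEY_STORE_PASSWORD
    if has_ca_cert "$dir"; then
        set -- "$@" -certfile "$dir/ca.crt"
    fi
    "$runner" "$@"
}

# Init-container entry point: refuse to run without a password, build the
# keystore, then confirm it opens with that password before Solr starts.
gen_keystore() {
    dir=$1
    if [ -z "$SOLR_SSL_KEY_STORE_PASSWORD" ]; then
        echo "SOLR_SSL_KEY_STORE_PASSWORD is not set" >&2
        return 1
    fi
    mkdir -p "$dir/pkcs12" || return 1
    build_keystore "$dir" || return 1
    openssl pkcs12 -in "$dir/pkcs12/keystore.p12" -noout \
        -passin env:SOLR_SSL_KEY_STORE_PASSWORD
}
```

Run `gen_keystore /var/solr/tls` as the init container command; `build_keystore /var/solr/tls echo` prints the exact openssl invocation without executing it.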