[Bug]: certificate.acm.aws.upbound.io cannot get tags

Is there an existing issue for this?

[X] I have searched the existing issues

Affected Resource(s)

acmpca.aws.upbound.io/v1beta1 - Certificate

Resource MRs required to reproduce the bug

apiVersion: acmpca.aws.upbound.io/v1beta1
kind: Certificate
metadata:
  annotations:
    crossplane.io/composition-resource-name: aws-acm-private-ca-certificate
  name: certificate-root-us-east-1
spec:
  forProvider:
    certificateAuthorityArn: # patched
    certificateSigningRequestSecretRef:
      key: certificate_signing_request
      name: acmpca-signing-certificate-root-us-east-1
      namespace: crossplane-system
    region: us-east-1
    signingAlgorithm: SHA384WITHECDSA
    tags:
      foo: bar
    templateArn: arn:aws:acm-pca:::template/RootCACertificate/V1
    validity:
    - type: END_DATE
      value: "2051-12-31T23:59:59.99Z"
  providerConfigRef:
    name: default
  writeConnectionSecretToRef:
    name: certificate-root-us-east-1
    namespace: crossplane-system

Steps to Reproduce

SImply create an ACM-PCA Certificate with tags, as suggested by the API.

What happened?

The following validation error is prompted:

Warning  ComposeResources  3m44s (x34 over 4m46s)  defined/compositeresourcedefinition.apiextensions.crossplane.io  cannot compose resources: cannot apply composed resource "aws-acm-private-ca-certificate": failed to create typed patch object (/certificate-root-us-east-1; acmpca.aws.upbound.io/v1beta1, Kind=Certificate): .spec.forProvider.tags: field not declared in schema

Relevant Error Output Snippet

No response

Crossplane Version

universal-crossplane-1.15.0-up.1

Provider Version

0.47.1

Kubernetes Version

v1.28.5-eks-5e0fdde

Kubernetes Distribution

EKS

Additional Info