dingp / spin-acme


Avoid disruption to original web/API server #1

Open dingp opened 2 months ago

dingp commented 2 months ago

The current design requires a temporary change of the ingress when renewing the certificate.

This will disrupt the service provided by the web/API server.

To avoid this disruption, a possible improvement could be:

  1. create a .well-known subdirectory in the webroot PV;
  2. change the .well-known to be the dummy web server's working directory (web root);
  3. instead of rewriting the ingress to point the / prefix to the dummy web server, append a rule for /.well-known to be directed to the dummy web server.

dingp commented 2 months ago

Support for installing the chart into namespaces w/wo existing ingress rules:

With this feature in place, the script to obtain the certificate does not need to have the logic of preserving the existing ingress rule.
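
An added sketch of the append-instead-of-rewrite idea from the two comments above, not code from spin-acme: it adds a `/.well-known` path to an Ingress without touching the existing `/` rule, and also handles an Ingress that has no rules yet. The host, the service name `acme-dummy` and the port are assumptions; the dict layout follows `networking.k8s.io/v1`.

```python
import copy

WELL_KNOWN = "/.well-known"

def _well_known_path(service, port):
    # HTTPIngressPath that sends /.well-known to the dummy web server (names assumed)
    return {
        "path": WELL_KNOWN,
        "pathType": "Prefix",
        "backend": {"service": {"name": service, "port": {"number": port}}},
    }

def add_well_known_rule(ingress, host, service, port):
    """Return a copy of `ingress` with a /.well-known path for `host`.

    Existing paths (including "/") are left as they are, and calling this
    twice gives the same result, so no save/restore of the ingress is needed.
    """
    patched = copy.deepcopy(ingress)
    rules = patched.setdefault("spec", {}).setdefault("rules", [])
    rule = next((r for r in rules if r.get("host") == host), None)
    if rule is None:  # no existing ingress rule for this host
        rule = {"host": host, "http": {"paths": []}}
        rules.append(rule)
    paths = rule.setdefault("http", {}).setdefault("paths", [])
    for p in paths:
        if p.get("path") == WELL_KNOWN:  # already present: repoint, do not duplicate
            p.update(_well_known_path(service, port))
            break
    else:
        paths.append(_well_known_path(service, port))
    return patched

# Constructed sample: an Ingress that already routes / to the real web server.
EXISTING = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "Ingress",
    "metadata": {"name": "web"},
    "spec": {"rules": [{"host": "app.example.org", "http": {"paths": [
        {"path": "/", "pathType": "Prefix",
         "backend": {"service": {"name": "web", "port": {"number": 8080}}}}]}}]},
}

if __name__ == "__main__":
    import json
    patched = add_well_known_rule(EXISTING, "app.example.org", "acme-dummy", 8080)
    print(json.dumps(patched, indent=2))
```

Kubernetes gives precedence to the longest matching path, so the appended `/.well-known` prefix wins over `/` for challenge requests while all other traffic keeps reaching the original backend.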