Enable use of embedded etcd

[MikeSpreitzer]

Without this PR, setting etcd.enabled to false and kcp.etcd.serverAddress to embedded is not enough because it leaves the kcp server hanging due to the absence of the Secret named kcp-etcd-client, which is absent because the corresponding Certificate never gets that Secret issued, because it is asking for an issuer that does not exist due to the etcd.enabled = false setting.

This PR makes the dependence on the Secret named kcp-etcd-client go away if kcp.etcd.serverAddress is set to embedded, and adds the Certificate named kcp-etcd-client to the stuff that goes away if etcd.enabled is set to false.

Successfully tested with etcd.enabled = false and kcp.etcd.serverAddress = "embedded".

Should also be functional with etcd.enabled = false and kcp.etcd.serverAddress set to some pre-existing etcd cluster and the Secret named kcp-etcd-client already existing and holding the TLS credentials needed to access that etcd cluster.

[kcp-ci-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: embik

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kcp-dev/helm-charts/blob/main/OWNERS)~~ [embik] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[kcp-ci-bot]

LGTM label has been added.

Git tree hash: 27a7d4c28a3659a3440ea462f5494b522f4cffcc