smallstep / helm-charts

Helm packages for Kubernetes
Apache License 2.0

fix(step-certificates): Secrets are mounted even if we don't need them #174

Open twistyWater opened 9 months ago


Subject of the issue

In the templates/ca.yaml volumes spec, {{ include "step-certificates.fullname" . }}-secrets is always mounted as a secret or configmap, which causes a "secret doesn't exist" error when using inject.enabled=true and bootstrap.secret=false. I don't need any secret, as I generate my own root certificate, so the only key I need is the intermediate key, which is added via Azure Key Vault in the config file.

Your environment

Steps to reproduce

Create a values.yaml

existingSecrets:
  enabled: false
  ca: false
  issuer: false
  certsAsSecret: false
  configAsSecret: false
  sshHostCa: false
  sshUserCa: false

bootstrap:
  secrets: false
  enabled: false
  configmaps: false

inject:
  enabled: true
  config:
    files:
      ca.json:
        key: azurekms:name=my-intermediate-ca-key;vault=my-keyvault?version=12345
        kms:
          type: azurekms
  certificates:
    root_ca: |
      -----BEGIN CERTIFICATE-----
      something
      -----END CERTIFICATE-----

    intermediate_ca: |
      -----BEGIN CERTIFICATE-----
      something
      -----END CERTIFICATE-----

Expected behaviour

The pod is created without the volume {{ include "step-certificates.fullname" . }}-secrets.

Actual behaviour

The volume is created and the pod is in an error state: "secret doesn't exists"

Additional context

For the deployment to work, I need to set bootstrap.secrets=true and set a dummy value in inject.secrets.ssh.user_ca_key="unusable".

Validations should be added in templates/ca.yaml to create the volume only if the values exist, like it is done for all other secrets; something like:

{{- if and (or .Values.inject.enabled .Values.existingSecrets.enabled) (or (not (eq .Values.inject.secrets.certificate_issuer.key "") _and so on_)) }}
  secret:
    secretName: {{ include "step-certificates.fullname" . }}-secrets
{{- else }}
  configMap:
    name: {{ include "step-certificates.fullname" . }}-secrets
{{- end }}
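The gating the reporter asks for, as an added example that is not part of the issue or of the chart: Go's text/template (the engine behind Helm) renders a cut-down version of the volume entry against constructed values maps, so you can see the volume appear only when a secret value is actually set. Assumptions: .Release.Name stands in for the chart's fullname helper, only the secret keys named in the issue (inject.secrets.certificate_issuer.key, inject.secrets.ssh.user_ca_key, existingSecrets.issuer, existingSecrets.sshUserCa) are checked, and every key the template reads is present in the map so no comparison sees a nil value.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Stand-in for the volumes block of templates/ca.yaml with the gating the issue
// proposes: mount the -secrets volume only when inject (or existingSecrets) is
// enabled AND at least one secret value is set. .Release.Name replaces the fullname helper.
var volumeTmpl = template.Must(template.New("ca").Parse(`{{- $inj := .Values.inject.secrets -}}
{{- $ex := .Values.existingSecrets -}}
{{- $need := or (ne $inj.certificate_issuer.key "") (ne $inj.ssh.user_ca_key "") $ex.issuer $ex.sshUserCa -}}
{{- if and (or .Values.inject.enabled $ex.enabled) $need }}
- name: secrets
  secret:
    secretName: {{ .Release.Name }}-secrets
{{- end }}
`))

// values builds a constructed values map; every key the template reads is present.
func values(injectEnabled bool, issuerKey, userCAKey string) map[string]any {
	return map[string]any{
		"inject": map[string]any{
			"enabled": injectEnabled,
			"secrets": map[string]any{
				"certificate_issuer": map[string]any{"key": issuerKey},
				"ssh":                map[string]any{"user_ca_key": userCAKey},
			},
		},
		"existingSecrets": map[string]any{"enabled": false, "issuer": false, "sshUserCa": false},
	}
}

// renderVolume returns the rendered volume entry, or "" when nothing should be mounted.
func renderVolume(vals map[string]any) (string, error) {
	var buf bytes.Buffer
	data := map[string]any{"Values": vals, "Release": map[string]any{"Name": "step-certificates"}}
	if err := volumeTmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return strings.TrimSpace(buf.String()), nil
}
func main() { // reporter's KMS-only case first, then an issuer key supplied as a secret
	for _, v := range []map[string]any{values(true, "", ""), values(true, "constructed-key", "")} {
		out, err := renderVolume(v)
		fmt.Printf("volume=%q err=%v\n", out, err)
	}
}
```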