add Helm custom cert steps #6491

Ryan Kuo (taroface) commented:

The Helm chart README was updated with the following:

Set `tls.certs.tlsSecret` to `yes/true` if you make use of [cert-manager][3] in your cluster.

  [cert-manager][3] stores generated certificates in dedicated TLS secrets. Thus, they are always named:
 * `ca.crt`
 * `tls.crt`
 * `tls.key`

  On the other hand, CockroachDB also demands dedicated certificate filenames:
 * `ca.crt`
 * `node.crt`
 * `node.key`
 * `client.root.crt`
 * `client.root.key`

  By activating `tls.certs.tlsSecret` we benefit from projected secrets and convert the TLS secret filenames to their according CockroachDB filenames.

This should be reflected in our secure guidance.

Additionally, secure mode requires the configuration parameter `tls.enabled` set to `yes/true` and `tls.certs.provided` set to `no/false`.

See commit

Jira Issue: DOC-427
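
The filename conversion the README describes, written out as a Kubernetes projected volume. This is an added illustration, not the chart's own template: the Secret names, pod name, image tag placeholder, mount path and file mode are assumptions.

```yaml
# Illustration only: remaps cert-manager TLS secret keys (ca.crt, tls.crt,
# tls.key) to the filenames CockroachDB expects in its certs directory.
apiVersion: v1
kind: Pod
metadata:
  name: crdb-cert-layout-demo            # hypothetical name
spec:
  containers:
    - name: db
      image: cockroachdb/cockroach:<version>   # placeholder, pin a real tag
      volumeMounts:
        - name: certs
          mountPath: /cockroach/cockroach-certs   # assumed certs directory
          readOnly: true
  volumes:
    - name: certs
      projected:
        defaultMode: 0400                # assumed: private keys readable by owner only
        sources:
          # Node certificate issued by cert-manager (Secret name is hypothetical)
          - secret:
              name: cockroachdb-node-tls
              items:
                - key: ca.crt
                  path: ca.crt
                - key: tls.crt
                  path: node.crt
                - key: tls.key
                  path: node.key
          # Root client certificate issued by cert-manager (Secret name is hypothetical)
          - secret:
              name: cockroachdb-root-tls
              items:
                # ca.crt is already projected from the node Secret, so it is
                # not listed again; two sources must not write the same path.
                - key: tls.crt
                  path: client.root.crt
                - key: tls.key
                  path: client.root.key
```

Listing the mounted directory inside the container should show exactly the five CockroachDB filenames from the README; a missing or extra file points to a mismatch between the Secret keys and the `items` mapping.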
