
[Feature] Avoid fetching resource from external resources on internet during bootstrap #39

Closed
jia-jerry opened this issue Apr 14, 2020 · 2 comments · Fixed by #40
Labels
kind/enhancement Enhancement, improvement, extension

Comments

@jia-jerry
Contributor

jia-jerry commented Apr 14, 2020

Feature (What you would like to be added):
In Alicloud China regions, sometimes it is not possible to run `apk get`. We need to avoid such a statement.
Motivation (Why is this needed?):
Shoot clusters can't be created in China regions sometimes.
Approach/Hint to implement the solution (optional):

@jia-jerry jia-jerry added the kind/enhancement Enhancement, improvement, extension label Apr 14, 2020
@jia-jerry jia-jerry changed the title from "[Feature] Avoid fetching resource from external resources on internet during update" to "[Feature] Avoid fetching resource from external resources on internet during bootstrap" Apr 14, 2020
@swapnilgm

/assign @swapnilgm

@swapnilgm

Copying the offline discussion and findings summary here:
The default etcd container image, or to be precise the alpine base image, doesn't come with a wget version supporting the SSL flags. So we injected the bootstrap script with an `apk add wget` call to get the correct wget version. Hence etcd bootstrap has this dependency on the internet.

**Finding:**
We can inject the provider self-signed CA bundle into the root CA directories. Usually this could be done by the `update-ca-certificates` utility, but again this doesn't come preinstalled in the etcd image. What it does is append the provided `ca-etcd.crt` to `/etc/ssl/certs/ca-certificates.crt` and also copy/symlink it to the file `/etc/ssl/certs/ca-cert-ca-etcd.crt`. This is sufficient for the GnuTLS SSL backend. `update-ca-certificates` also copies/symlinks it to `/etc/ssl/certs/<cert-x509-hash>.<index>`, which is used by the OpenSSL backend lib for server certificate verification.

For the vanilla etcd container image, certificates are bundled under `/etc/ssl/cert.pem`.

Solution: `cat <path-to-ca-etcd.crt> >> /etc/ssl/cert.pem`, and remove the wget update from the script.
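The append-to-bundle approach from the comment above, as an added example that is not the project's bootstrap script or any code from this issue. It assumes a POSIX sh with sed, awk, grep and tail (all present in an alpine-based etcd image), takes the CA file and bundle path as parameters, and adds two checks a practitioner would want when this runs on every pod start: it refuses anything that is not a PEM certificate, and it only appends when the exact certificate block is not already in the bundle, so repeated bootstraps do not grow `/etc/ssl/cert.pem`. It also guards against a bundle whose last line lacks a trailing newline, which would otherwise glue the previous `END` marker to the new `BEGIN` marker and leave both certificates unparseable. The file names and the certificate bodies below are constructed sample data, not real certificates.

```shell
#!/bin/sh
# Added example: idempotent injection of a provider CA into the image's PEM bundle.
set -eu

# cert_body <pem-file>: the base64 body of the first certificate block, newlines stripped.
cert_body() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
    | grep -v -- '-----' | tr -d '\n'
}

# cert_present <ca-file> <bundle>: exit 0 if the bundle already holds the exact same block.
cert_present() {
  needle=$(cert_body "$1")
  awk -v needle="$needle" '
    /-----BEGIN CERTIFICATE-----/ { inblk = 1; blk = ""; next }
    /-----END CERTIFICATE-----/   { inblk = 0; if (blk == needle) { found = 1; exit }; next }
    inblk                         { blk = blk $0 }
    END                           { exit found ? 0 : 1 }' "$2"
}

# cert_count <bundle>: number of BEGIN markers that stand on their own line.
cert_count() {
  grep -c -x -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# inject_ca <ca-file> <bundle>: append the CA once. Returns 1 on a missing or non-PEM file.
inject_ca() {
  ca="$1"; bundle="$2"
  [ -r "$ca" ] || { echo "CA file not readable: $ca" >&2; return 1; }
  grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" \
    || { echo "not a PEM certificate: $ca" >&2; return 1; }
  if [ -f "$bundle" ] && cert_present "$ca" "$bundle"; then
    echo "already in bundle, nothing to do: $bundle" >&2
    return 0
  fi
  # A bundle without a trailing newline would glue END and BEGIN markers on one line.
  if [ -s "$bundle" ] && [ -n "$(tail -c1 "$bundle")" ]; then
    printf '\n' >> "$bundle"
  fi
  cat "$ca" >> "$bundle"
}

# setup_sample <dir>: constructed inputs (not real certificates). The bundle is written
# deliberately without a trailing newline to exercise the guard above.
setup_sample() {
  printf '%s\n%s\n%s' \
    '-----BEGIN CERTIFICATE-----' \
    'MIIBconstructedEXISTINGcert0000000000000000000000000000000000000000' \
    '-----END CERTIFICATE-----' > "$1/cert.pem"
  printf '%s\n%s\n%s\n' \
    '-----BEGIN CERTIFICATE-----' \
    'MIIBconstructedPROVIDERca00000000000000000000000000000000000000000' \
    '-----END CERTIFICATE-----' > "$1/ca-etcd.crt"
}

# Stand-alone run: first call appends, second call is a no-op.
tmp=$(mktemp -d)
setup_sample "$tmp"
inject_ca "$tmp/ca-etcd.crt" "$tmp/cert.pem"
inject_ca "$tmp/ca-etcd.crt" "$tmp/cert.pem"
echo "certificates in bundle: $(cert_count "$tmp/cert.pem")"
rm -rf "$tmp"
```

In the real image the bundle argument would be `/etc/ssl/cert.pem`, as the comment says; the block compares the whole base64 body rather than a fingerprint because the etcd image has no `openssl` binary to compute one, which is the same constraint that rules out `update-ca-certificates`.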

2 participants