cert-rotation: CSR approval fixes

* print when CSR approval is completed. This helps correlate between
  kubelet logs and csr approval start/end period
* extend time we want for new certs. With leader election
  it takes ~7 minutes for new certs to be generated and distributed,
  so that kubelet could create CSRs after we finish approval.

  This extends timeout we wait for bootstrap certs to be approved from
  30*10/60 = 5 minutes to 40*15/60 = 10 minutes

ci-operator/step-registry/openshift/e2e/cert-rotation/prepare-for-shutdown/openshift-e2e-cert-rotation-prepare-for-shutdown-commands.sh

@@ -57,7 +57,7 @@ cat << 'EOZ' > /tmp/approve-csrs-with-timeout.sh
     (( required_csrs=${#control_nodes[@]} + ${#compute_nodes[@]} ))
     approved_csrs=0
     attempts=0
-    max_attempts=30
+    max_attempts=40
     while (( required_csrs >= approved_csrs )); do
       echo -n '.'
       mapfile -d ' ' -t csrs < <(oc get csr --field-selector=spec.signerName=${field} --no-headers | grep Pending | cut -f1 -d" ")
@@ -70,10 +70,11 @@ cat << 'EOZ' > /tmp/approve-csrs-with-timeout.sh
       if (( attempts > max_attempts )); then
         break
       fi
-      sleep 10s
+      sleep 15s
     done
+    echo ""
   done
-  echo "Done"
+  echo "Finished CSR approval at $(date)"
 EOZ
 chmod a+x /tmp/approve-csrs-with-timeout.sh
 timeout ${COMMAND_TIMEOUT} ${SCP} /tmp/approve-csrs-with-timeout.sh "core@${control_nodes[0]}:/tmp/approve-csrs-with-timeout.sh"

ci-operator/step-registry/openshift/e2e/cert-rotation/suspend/openshift-e2e-cert-rotation-suspend-ref.yaml

@@ -1,6 +1,7 @@
 ref:
   as: openshift-e2e-cert-rotation-suspend
   from: baremetal-installer
+  timeout: 1h30m00s
   grace_period: 10m
   commands: openshift-e2e-cert-rotation-suspend-commands.sh
   resources: