
fix: Updating akv cert provider to use getSecret #957

Merged (36 commits) on Aug 15, 2023

Conversation

susanshi (Collaborator) commented Jul 31, 2023

Description

This PR includes:

  1. Updating akv cert provider to use getSecret to fetch certificates for the entire chain
  2. Adding a clean-up step for dangling AKS resources
  3. Updated documentation to configure certificate policy on cert import
  4. Uploaded existing test cert chain in e2e integration; inline root cert is no longer needed.

What this PR does / why we need it:

Fixes #695

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):

Fixes #695

Type of change

Please delete options that are not relevant.

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] Helm Chart Change (any edit/addition/update that is necessary for changes merged to the main branch)
  • [x] This change requires a documentation update

How Has This Been Tested?

Uploaded existing test cert chain in e2e integration; inline root cert is no longer needed.
Manual validation includes:

  • Secret with no content type
  • Secret disabled
  • Secret that is not a cert
  • Not enough permissions for identity
  • PEM and PKCS12 formats

Checklist:

  • Does the affected code have corresponding tests?
  • Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have appropriate license header?

Post Merge Requirements

  • MAINTAINERS: manually trigger the "Publish Package" workflow after merging any PR that indicates Helm Chart Change

codecov bot commented Aug 1, 2023

Codecov Report

Patch coverage: 64.17% and project coverage change: +0.46% 🎉

Comparison is base (1051142) 56.99% compared to head (3d693c6) 57.45%.

Additional details and impacted files
```
@@            Coverage Diff             @@
##             main     #957      +/-   ##
==========================================
+ Coverage   56.99%   57.45%   +0.46%     
==========================================
  Files          90       90              
  Lines        5292     5326      +34     
==========================================
+ Hits         3016     3060      +44     
+ Misses       1970     1956      -14     
- Partials      306      310       +4     
```

| Files Changed | Coverage Δ |
|---|---|
| pkg/certificateprovider/azurekeyvault/provider.go | 58.11% <64.17%> (+15.44%) ⬆️ |


```bash
az keyvault certificate import \
--vault-name ${AKV_NAME} \
-n ${KEY_NAME} \
-f ${CERT_PATH}
```

Contributor

Are there any steps that walk the reader through creating a certificate? Or is that assumed knowledge or a prerequisite?

Collaborator Author

I've actually deleted the entire kv import step; customers should follow https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-sign-build-push#build-and-sign-a-container-image from the prereq section of this quick start.


```go
data := []byte(*secretBundle.Value)

if *secretBundle.ContentType == PKCS12ContentType {
```

Collaborator

As mentioned in #695 (comment), does pkcs12 work now in Golang?

Collaborator Author

Discussed offline; we will keep the current implementation but provide more guidance in documentation.

```bash
az keyvault set-policy --name ${AKV_NAME} \
--certificate-permissions get \
--secret-permissions get \
```

Collaborator Author

log an issue to update the ratify terraform resource

Collaborator Author

Issue logged at #973

susanshi (Collaborator Author) commented Aug 8, 2023

Hi @akashsinghal and @binbin-li, I've addressed the feedback and merged with latest main. Please give another round of review; please review the AKS test result and clean-up log at https://github.com/susanshi/ratify/actions/runs/5793405981/job/15701535090, and

binbin-li (Collaborator) previously approved these changes Aug 10, 2023

lgtm

```go
certsStatus = append(certsStatus, certProperty)
}
default:
logrus.Warnf("certificate '%s', version '%s': azure keyvualt certificate provider detected unknown block type %s", certName, version, block.Type)
```

Collaborator

nit: "keyvault" is misspelled in multiple places: keyvualt --> keyvault
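The two snippets quoted in this review (the ContentType branch on the secret bundle, and the PEM block loop that warns on unknown block types) describe how a Key Vault secret value is turned into a certificate chain. The following is an added, self-contained illustration of that shape, written for this page rather than taken from the Ratify provider: the content-type constants, the `ParseSecretBundle` function and the constructed test certificates are assumptions, and PKCS#12 is deliberately rejected because the Go standard library has no decoder for it (the thread leaves that case to documentation guidance rather than code).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Content types Azure Key Vault sets on the secret behind an imported
// certificate (assumed constants for this example).
const (
	PEMContentType    = "application/x-pem-file"
	PKCS12ContentType = "application/x-pkcs12"
)

// ChainResult holds every certificate recovered from one secret value plus
// the non-fatal findings a provider would emit as warnings.
type ChainResult struct {
	Certs    []*x509.Certificate
	Warnings []string
}

// ParseSecretBundle decides by content type how the secret value is decoded.
// PEM values are walked block by block so the whole chain comes back, and
// unknown block types are reported instead of silently dropped.
func ParseSecretBundle(contentType string, value []byte) (ChainResult, error) {
	var res ChainResult
	switch contentType {
	case PKCS12ContentType:
		return res, errors.New("pkcs12 content type not handled by this example")
	case PEMContentType:
		rest := value
		for {
			block, next := pem.Decode(rest)
			if block == nil {
				break // no further PEM blocks in the value
			}
			rest = next
			switch block.Type {
			case "CERTIFICATE":
				cert, err := x509.ParseCertificate(block.Bytes)
				if err != nil {
					return res, fmt.Errorf("parsing certificate block: %w", err)
				}
				res.Certs = append(res.Certs, cert)
			default:
				res.Warnings = append(res.Warnings, fmt.Sprintf("unknown block type %s", block.Type))
			}
		}
		if len(res.Certs) == 0 {
			return res, errors.New("no CERTIFICATE blocks found in secret value")
		}
		return res, nil
	default:
		return res, fmt.Errorf("unsupported content type %q", contentType)
	}
}

// SelfSignedPEM builds a throwaway self-signed certificate (constructed test
// data generated at run time, not a real key) and returns it PEM-encoded.
func SelfSignedPEM(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// SampleChainPEM concatenates two constructed certificates and one unrelated
// block, the way a secret value holding a chain plus stray material would look.
func SampleChainPEM() ([]byte, error) {
	leaf, err := SelfSignedPEM("leaf.example")
	if err != nil {
		return nil, err
	}
	root, err := SelfSignedPEM("root.example")
	if err != nil {
		return nil, err
	}
	junk := pem.EncodeToMemory(&pem.Block{Type: "FOO", Bytes: []byte("x")})
	return append(append(leaf, root...), junk...), nil
}

func main() {
	value, err := SampleChainPEM()
	if err != nil {
		panic(err)
	}
	res, err := ParseSecretBundle(PEMContentType, value)
	fmt.Println(len(res.Certs), "certs; warnings:", res.Warnings, "err:", err)
	_, err = ParseSecretBundle(PKCS12ContentType, []byte{0x30})
	fmt.Println("pkcs12:", err)
}
```

Running it prints two certificates, one warning for the `FOO` block, and an error for the PKCS#12 input. The point of the loop is that `pem.Decode` returns the remainder of the input, so the chain is exhausted only when no block remains; stopping after the first block is how an older provider would end up with just the leaf.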

akashsinghal (Collaborator) previously approved these changes Aug 10, 2023

LGTM

@susanshi susanshi dismissed stale reviews from akashsinghal and binbin-li via 7aed3bf August 15, 2023 01:26
@susanshi susanshi merged commit dcfa9b5 into ratify-project:main Aug 15, 2023
15 checks passed
junczhu pushed a commit to ZAFT-Armored-Keeper-of-Unity/ratify that referenced this pull request Aug 23, 2023
Signed-off-by: Susan Shi <huish@microsoft.com>
junczhu added a commit to ZAFT-Armored-Keeper-of-Unity/ratify that referenced this pull request Aug 23, 2023
fix: fix cert-rotator test (ratify-project#992)

chore: bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.18.33 (ratify-project#988)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Akash Singhal <akashsinghal@microsoft.com>

feat: add graceful shutdown for http server (ratify-project#949)

fix: Updating akv cert provider to use getSecret (ratify-project#957)

Signed-off-by: Susan Shi <huish@microsoft.com>

chore: bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (ratify-project#997)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore: bump actions/setup-go from 4.0.1 to 4.1.0 (ratify-project#996)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

fix: adding experimental to dynamic plugin flag (ratify-project#980)

refactor: refactor error handling (ratify-project#956)

docs: add notaryv2 upgrade doc (ratify-project#999)

chore: update assign.yaml template

chore: update library templates

chore: update library templates2

chore: update library templates fix typo

chore: update library templates array
bspaans pushed a commit to bspaans/ratify that referenced this pull request Oct 17, 2023
Signed-off-by: Susan Shi <huish@microsoft.com>
Successfully merging this pull request may close these issues.

Ratify should retrieve the entire cert chain from AKV
4 participants