TL;DR
Currently, managed certificates are recreated on every reconcile. If a user changes the domain names of a certificate, this will lead to a name collision when creating the new certificate.
Expected behavior
HCCM should be able to handle and reconcile domain names of a certificate correctly. A possible path could look like this:
- Create a new certificate with the new domain names and a form of temporary identifier
- Add this certificate to the Load Balancer service
- Delete the old certificate and rename the new one (i.e., removing the temporary identifier)
As issuing a new certificate might take a while, we should return a retry error to the cloud-provider library and make this process async in the background:
https://github.com/kubernetes/kubernetes/blob/f830e4a2b8f02ca00bb51417d978ce2876e5e30e/staging/src/k8s.io/cloud-provider/cloud.go#L148-L158
```go
// EnsureLoadBalancer creates a new load balancer 'name', or updates the existing one. Returns the status of the balancer
// Implementations must treat the *v1.Service and *v1.Node
// parameters as read-only and not modify them.
// Parameter 'clusterName' is the name of the cluster as presented to kube-controller-manager.
//
// Implementations may return a (possibly wrapped) api.RetryError to enforce
// backing off at a fixed duration. This can be used for cases like when the
// load balancer is not ready yet (e.g., it is still being provisioned) and
// polling at a fixed rate is preferred over backing off exponentially in
// order to minimize latency.
EnsureLoadBalancer(ctx context.Context, clusterName string, service *v1.Service, nodes []*v1.Node) (*v1.LoadBalancerStatus, error)
```
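The three-step rotation above, worked through as an added example (this is not HCCM code and not the cloud-provider library's code). It assumes a hypothetical in-memory `CertStore` standing in for the provider's certificate API, a `LoadBalancer` struct that only tracks the attached certificate name, a `-pending` suffix as the temporary identifier, and a locally declared `RetryError` that mirrors the shape of `api.RetryError` so the snippet builds without the cloud-provider module. `Reconcile` is idempotent: it never calls `Create` with the final name while the old certificate still exists, keeps the old certificate attached until the replacement is issued, and returns a retry error while issuance is in flight.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// RetryError mirrors k8s.io/cloud-provider/api.RetryError (assumption: declared
// locally so this example builds without the cloud-provider module).
type RetryError struct {
	msg        string
	retryAfter time.Duration
}

func (e *RetryError) Error() string             { return e.msg }
func (e *RetryError) RetryAfter() time.Duration { return e.retryAfter }

func retry(msg string) error { return &RetryError{msg: msg, retryAfter: 10 * time.Second} }

// Certificate is a minimal stand-in for a provider-managed certificate.
type Certificate struct {
	Name    string
	Domains []string
	Ready   bool // false while the provider is still issuing it
}

// CertStore is a hypothetical in-memory certificate API. Create refuses
// duplicate names, which is the collision described in the issue.
type CertStore struct{ certs map[string]*Certificate }

func NewCertStore() *CertStore                  { return &CertStore{certs: map[string]*Certificate{}} }
func (s *CertStore) Get(name string) *Certificate { return s.certs[name] }
func (s *CertStore) Delete(name string)           { delete(s.certs, name) }

func (s *CertStore) Create(name string, domains []string) (*Certificate, error) {
	if _, exists := s.certs[name]; exists {
		return nil, fmt.Errorf("certificate %q already exists", name)
	}
	c := &Certificate{Name: name, Domains: append([]string(nil), domains...)}
	s.certs[name] = c
	return c, nil
}

func (s *CertStore) Rename(oldName, newName string) error {
	c, ok := s.certs[oldName]
	if !ok {
		return fmt.Errorf("certificate %q not found", oldName)
	}
	if _, exists := s.certs[newName]; exists {
		return fmt.Errorf("certificate %q already exists", newName)
	}
	delete(s.certs, oldName)
	c.Name = newName
	s.certs[newName] = c
	return nil
}

// MarkReady simulates the provider finishing issuance.
func (s *CertStore) MarkReady(name string) {
	if c, ok := s.certs[name]; ok {
		c.Ready = true
	}
}

// LoadBalancer only tracks which certificate is currently attached.
type LoadBalancer struct{ Certificate string }

// sameDomains compares two domain lists as sets.
func sameDomains(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	x, y := append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(x)
	sort.Strings(y)
	for i := range x {
		if x[i] != y[i] {
			return false
		}
	}
	return true
}

// pendingName is the temporary identifier for the in-flight certificate.
func pendingName(name string) string { return name + "-pending" }

// Reconcile runs one pass of the rotation. Returning a RetryError lets
// EnsureLoadBalancer back off at a fixed interval instead of blocking.
func Reconcile(store *CertStore, lb *LoadBalancer, name string, want []string) error {
	pending := pendingName(name)
	if cur := store.Get(name); cur != nil && sameDomains(cur.Domains, want) {
		lb.Certificate = name
		store.Delete(pending) // leftover from an interrupted rotation, if any
		return nil
	}
	p := store.Get(pending)
	if p != nil && !sameDomains(p.Domains, want) {
		store.Delete(pending) // domains changed again mid-flight: discard it
		p = nil
	}
	if p == nil { // step 1: create under the temporary identifier
		if _, err := store.Create(pending, want); err != nil {
			return err
		}
		return retry("certificate " + pending + " is being issued")
	}
	if !p.Ready {
		return retry("certificate " + pending + " is not ready yet")
	}
	lb.Certificate = pending // step 2: attach the new one before removing the old
	store.Delete(name)       // step 3: drop the old one and the temporary identifier
	if err := store.Rename(pending, name); err != nil {
		return err
	}
	lb.Certificate = name
	return nil
}

func main() {
	store, lb := NewCertStore(), &LoadBalancer{}
	fmt.Println(Reconcile(store, lb, "svc-cert", []string{"a.example.com"}))
	store.MarkReady(pendingName("svc-cert"))
	fmt.Println(Reconcile(store, lb, "svc-cert", []string{"a.example.com"}), lb.Certificate)
}
```

The `Rename` step is the one place a collision can still happen if a stale certificate with the final name survived, which is why the old one is deleted immediately before it; a real implementation would additionally need to check that the provider actually permits renaming a certificate in place.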