Background

Customers require a consistent and reliable way to distribute CA certificates across their OpenShift clusters. trust-manager solves this by providing centralized trust management, automatic updates, and namespace-targeted distribution of CA bundles.

Scope of this Epic

This epic extends `cert-manager-operator` to deploy and manage `trust-manager` as an additional operand. A new controller (`trust-manager-controller`) will be added to manage the trust-manager deployment lifecycle through a custom resource `trustmanagers.operator.openshift.io`.

trust-manager will be available as a Tech Preview feature starting from cert-manager-operator v1.19.0, allowing OpenShift administrators to centrally manage and distribute CA trust bundles across the cluster.

Acceptance Criteria

1. Administrators can deploy trust-manager by creating a `TrustManager` CR
2. trust-manager successfully distributes CA bundles via `Bundle` resources
4. Feature is properly gated for TechPreview
5. All unit and e2e tests pass
6. Documentation is complete and published