Create the TrustManager custom resource definition that allows administrators to configure and deploy trust-manager. The CRD should support all necessary configuration options.

See https://github.com/openshift/enhancements/pull/1914 for the final API design.

Key Components:

• Configurable options (logLevel, logFormat, trustNamespace, secretTargets, filterExpiredCertificates, defaultCAPackage, resources, affinity, tolerations, nodeSelector)

• SecretTargetsConfig with enabled, authorizedSecretsAll, authorizedSecrets fields

• DefaultCAPackageConfig and DefaultCAPackageStatus

• Kubebuilder markers for validation, defaults, and singleton enforcement

• Cluster-scoped singleton (name must be "cluster")
• Update OLM bundle to include TrustManager CRD, RBAC, examples, and related images
• Update ClusterServiceVersion
  • New CRD reference with display name and description
  • Related image for trust-manager (RELATED_IMAGE_TRUST_MANAGER)
  • trustmanagers.operator.openshift.io owned CRD

Acceptance Criteria:

• TrustManager, TrustManagerSpec, TrustManagerStatus types defined with appropriate kubebuilder markers

• `make generate` and `make manifests` run successfully
• `make bundle` generates valid bundle

• CRD YAML generated at `config/crd/bases/operator.openshift.io_trustmanagers.yaml`