  1. Cert Manager support for Red Hat OpenShift
  2. CM-870

As a developer, I want to implement the DefaultCAPackage option using CNO injection


    • Type: Story
    • Resolution: Unresolved
    • Priority: Undefined
    • cert-manager-1.19

      Implement DefaultCAPackage using CNO's trusted CA bundle injection

      Description:

      Replace the upstream Debian-based init container approach with OpenShift's CNO CA bundle injection mechanism. Create a ConfigMap for CNO injection and format the CA bundle into trust-manager's expected JSON format.

      Then mount it at `/packages` in the deployment and add the `--default-package-location=/packages/cert-manager-package-openshift.json` argument to the operand container.

       

      Acceptance Criteria:

      • Controller waits for CNO injection (requeues if bundle not ready)
      • JSON format matches upstream trust-manager expectations
      • Package ConfigMap created and mounted to deployment
      • --default-package-location arg added when enabled
      • Status reflects DefaultCAPackage.Enabled state
      • trust-manager should automatically start to trust a new CA when CNO updates the CA bundle
      • Non-goal: automatic cleanup of the ConfigMaps created to support the `DefaultCAPackage` option when this field is toggled or the TrustManager CR is deleted.
      • Necessary e2e and unit tests are added
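
The wait-then-format step described above, as an added example (not code from the operator or from trust-manager). It assumes CNO writes the bundle under the `ca-bundle.crt` key and that the package file has `name`, `bundle` and `version` fields; the package name (taken from the file name above) and the SHA-256 digest used as the version are hypothetical choices.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
)

// injectedKey: key CNO fills in ConfigMaps labelled config.openshift.io/inject-trusted-cabundle: "true".
const injectedKey = "ca-bundle.crt"

// ErrNotInjected signals the reconciler to requeue and retry later.
var ErrNotInjected = errors.New("trusted CA bundle not injected yet")

// caPackage: name/bundle/version layout assumed for trust-manager's package file.
type caPackage struct {
	Name    string `json:"name"`
	Bundle  string `json:"bundle"`
	Version string `json:"version"`
}

// BuildPackageJSON turns injected ConfigMap data into package JSON. It checks PEM
// framing only (no X.509 parsing) and rejects any block that is not a CERTIFICATE.
func BuildPackageJSON(data map[string]string) ([]byte, error) {
	raw := []byte(data[injectedKey])
	if len(raw) == 0 {
		return nil, ErrNotInjected
	}
	var bundle []byte
	for block, rest := pem.Decode(raw); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("unexpected %q block in CA bundle", block.Type)
		}
		// Re-encode so comments and PEM headers between blocks are dropped.
		bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: block.Type, Bytes: block.Bytes})...)
	}
	if len(bundle) == 0 {
		return nil, errors.New("injected data contains no PEM certificates")
	}
	sum := sha256.Sum256(bundle) // hypothetical versioning: digest changes when CNO updates the bundle
	return json.Marshal(caPackage{Name: "cert-manager-package-openshift", Bundle: string(bundle), Version: hex.EncodeToString(sum[:])})
}

func main() { // constructed input: a ConfigMap that CNO has not populated yet
	fmt.Println(BuildPackageJSON(map[string]string{}))
}
```

A reconciler would treat `ErrNotInjected` as "requeue", and any other error as a reason not to write the package ConfigMap.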

              Assignee: Unassigned
              Reporter: Chirag Kyal (rh-ee-ckyal)