Story
Resolution: Unresolved
Product / Portfolio Work
As mentioned in the enhancement, we require Day-1 support for customizing the TLS key parameters of the signer certs generated at install time.
While https://issues.redhat.com/browse/CNTRLPLANE-2012 takes care of the signer certs generated by the installer itself, the installer uses the etcd-operator render cmd to generate the etcd-signer and etcd-metrics-signer certs during bootstrap.
So the etcd-operator render cmd should also allow the installer to pass in the PKI signer config (coming from the InstallConfig) and generate the signers accordingly.
This would require updating the render cmd either to accept the config as an argument or to read it directly from the InstallConfig.
The larger change here is getting the etcd-operator itself to support customization of the cert key config.
Note that the etcd-operator's cert render cmd just sets up mocks and calls the cert controller's sync once to generate the certs:
https://github.com/openshift/cluster-etcd-operator/blob/af150da84801ba0a1b4b0d94644da02d717ec7c6/pkg/cmd/render/certs.go#L80
So making this change would effectively also give the etcd-operator's cert controller Day-2 support for respecting the PKI config.
A layer down, we'd first need library-go's crypto and cert pkgs to support the key customizations.
Support for ECDSA customization has already started here:
https://github.com/openshift/library-go/pull/2116
We will need to extend and refactor on top of that to also support custom key sizes for RSA and ECDSA (for ECDSA the key size is fixed by the chosen curve).
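To make the shape of the change concrete, here is an added example (not code from cluster-etcd-operator, library-go or the installer) of what a signer generator that honours a key config looks like. It uses only the Go standard library; SignerKeyConfig, GenerateKey, GenerateSigner, DescribeKey and NeedsRotation are hypothetical names chosen for this example and do not correspond to the real InstallConfig or library-go types. It generates a self-signed CA in the role of etcd-signer / etcd-metrics-signer with either an RSA key of a configured size or an ECDSA key on a configured curve, rejects weak or unknown parameters up front, and includes the comparison a Day-2 sync loop would need in order to notice that an existing signer no longer matches the configured key parameters.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignerKeyConfig is a hypothetical stand-in for the PKI signer config the ticket
// wants passed from the InstallConfig into the render cmd. It is an assumption made
// for this example, not the real InstallConfig or library-go type.
type SignerKeyConfig struct {
	Algorithm  string // "RSA" or "ECDSA"
	RSABits    int    // RSA modulus size in bits; ignored for ECDSA
	ECDSACurve string // "P-256", "P-384" or "P-521"; ignored for RSA
}

// curveBits maps the supported curve names to the key size they imply.
var curveBits = map[string]int{"P-256": 256, "P-384": 384, "P-521": 521}

// GenerateKey produces a private key matching cfg. Weak or unknown parameters are
// rejected here so a bad config fails at render time instead of yielding a weak signer.
func GenerateKey(cfg SignerKeyConfig) (crypto.Signer, error) {
	switch cfg.Algorithm {
	case "RSA":
		if cfg.RSABits < 2048 {
			return nil, fmt.Errorf("RSA key size %d is below the 2048-bit minimum", cfg.RSABits)
		}
		return rsa.GenerateKey(rand.Reader, cfg.RSABits)
	case "ECDSA":
		curves := map[string]elliptic.Curve{
			"P-256": elliptic.P256(), "P-384": elliptic.P384(), "P-521": elliptic.P521(),
		}
		curve, ok := curves[cfg.ECDSACurve]
		if !ok {
			return nil, fmt.Errorf("unsupported ECDSA curve %q", cfg.ECDSACurve)
		}
		return ecdsa.GenerateKey(curve, rand.Reader)
	default:
		return nil, fmt.Errorf("unsupported key algorithm %q", cfg.Algorithm)
	}
}

// GenerateSigner creates a self-signed CA certificate (the role etcd-signer and
// etcd-metrics-signer play) whose key follows cfg.
func GenerateSigner(commonName string, cfg SignerKeyConfig, validity time.Duration) (*x509.Certificate, crypto.Signer, error) {
	key, err := GenerateKey(cfg)
	if err != nil {
		return nil, nil, err
	}
	// Random 128-bit serial so two signers never collide.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             now.Add(-time.Minute), // tolerate small clock skew
		NotAfter:              now.Add(validity),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// DescribeKey reports the algorithm and key size actually present in a certificate.
func DescribeKey(cert *x509.Certificate) (string, int) {
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		return "RSA", pub.N.BitLen()
	case *ecdsa.PublicKey:
		return "ECDSA", pub.Curve.Params().BitSize
	default:
		return "unknown", 0
	}
}

// NeedsRotation is the Day-2 check a cert controller sync would run: does the signer
// already present match the configured key parameters? Unknown configs report true and
// are then rejected by GenerateKey.
func NeedsRotation(cert *x509.Certificate, cfg SignerKeyConfig) bool {
	alg, bits := DescribeKey(cert)
	switch cfg.Algorithm {
	case "RSA":
		return alg != "RSA" || bits != cfg.RSABits
	case "ECDSA":
		return alg != "ECDSA" || bits != curveBits[cfg.ECDSACurve]
	default:
		return true
	}
}

func main() {
	cfg := SignerKeyConfig{Algorithm: "ECDSA", ECDSACurve: "P-384"}
	cert, _, err := GenerateSigner("etcd-signer", cfg, 10*365*24*time.Hour)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	alg, bits := DescribeKey(cert)
	fmt.Printf("%s: %s %d-bit, self-signature ok: %v\n", cert.Subject.CommonName, alg, bits, cert.CheckSignatureFrom(cert) == nil)
}
```

The NeedsRotation check is the part the render cmd does not need but the Day-2 controller does: once the sync respects the PKI config, changing the configured algorithm or key size on a running cluster only has an effect if the sync compares the existing signer's key against the config and regenerates it when they differ (how the real controller would sequence that rotation is outside this example).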