The custom certificates are currently loaded by the brokers when the pod starst and that is it. When the certificate in the secret changes, we do nothing.

This PR is monitoring the secret every reconciliation and takes a thumbprint of the certificate (SHA-256 hash of the DER encoded binary certificate). The thumbprint is used as annotation in the Pods of the Kafka stateful set and when it changes, the pod will be rolled.