When the CR contains only partial configuration of the clusterCa or clientsCa, for example:

   clusterCa:
     generateCertificateAuthority: false
   clientsCa:
     generateCertificateAuthority: false

Then the validity or the renewalDays might be set to 0. That can cause problems for example in the User Operator which isn't able to sign any user certificates with the 0 days validity (OpenSSL throws an error).

This PR adds checks whether the validity or renewal days are 0, and uses the default values instead in such case.