After merging ETCD-512, we need to ensure the certs are regenerated when the signer changes.

Current logic in library-go only changes when the bundle is updated, which is not sufficient of a criteria for the etcd rotation. 

Some initial take: https://github.com/openshift/library-go/pull/1674

discussion in: https://redhat-internal.slack.com/archives/CC3CZCQHM/p1706889759638639

AC:

• leaf certs should be checked with AKI/SKI continuously for more robust change detection
• leaf certs should be checked that a given signer was actually used to sign a certificate
• use a filtered informer for node updates to avoid calling expensive logic too often (https://github.com/openshift/library-go/blob/master/pkg/controller/factory/factory.go#L109C19-L109C46)