Task
Resolution: Done
Major
I would like to update the docs for Keycloak configuration.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: basic
spec:
  sso:
    provider: keycloak
    keycloak:
      rootCA: '<PEM encoded root certificate>'
  server:
    route:
      enabled: true
```
If you wish to proceed with an insecure connection, you can leave the value of rootCA empty and use skip verify as shown below.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: basic
spec:
  extraConfig:
    oidc.tls.insecure.skip.verify: 'true'
  sso:
    provider: keycloak
    keycloak:
      rootCA: ""
```
Background:
With a recent security fix, the certificate of RHSSO could not be validated when configured with a certificate not signed by one of the well-known certificate authorities.
You can now provide a custom certificate to verify Keycloak's TLS certificate while communicating with it. In addition, you can add `rootCA` to the Argo CD custom resource `.spec.keycloak.rootCA` field. The Operator reconciles such changes and updates the `oidc.config` in the `argocd-cm` config map with the PEM-encoded root certificate.
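To tell the two configurations above apart across many instances, the following added example (not part of the original issue or of the Operator's code) audits an ArgoCD custom resource for disabled certificate validation and a missing or malformed `rootCA`. It assumes the resource has been exported as JSON; the function name `audit_keycloak_tls` and the sample manifest are constructed for illustration.

```python
import json
import ssl

# Constructed sample: the insecure variant from the page, in the JSON form
# that `kubectl get argocd -o json` would return for one resource.
SAMPLE_INSECURE = json.dumps({
    "apiVersion": "argoproj.io/v1alpha1",
    "kind": "ArgoCD",
    "metadata": {"name": "example-argocd"},
    "spec": {
        "extraConfig": {"oidc.tls.insecure.skip.verify": "true"},
        "sso": {"provider": "keycloak", "keycloak": {"rootCA": ""}},
    },
})


def audit_keycloak_tls(manifest_json):
    """Return findings about Keycloak TLS verification in one ArgoCD CR (hypothetical helper)."""
    cr = json.loads(manifest_json)
    spec = cr.get("spec") or {}
    sso = spec.get("sso") or {}
    findings = []
    if sso.get("provider") != "keycloak":
        return findings  # not a Keycloak SSO setup, nothing to audit
    extra = spec.get("extraConfig") or {}
    if str(extra.get("oidc.tls.insecure.skip.verify", "")).lower() == "true":
        findings.append("skip-verify: certificate validation is disabled")
    # The page shows rootCA under spec.sso.keycloak and also names
    # .spec.keycloak.rootCA, so both locations are checked.
    keycloak = sso.get("keycloak") or spec.get("keycloak") or {}
    root_ca = (keycloak.get("rootCA") or "").strip()
    if not root_ca:
        findings.append("rootCA: empty, no custom root certificate configured")
    else:
        try:
            # Checks PEM framing and base64 only, not X.509 validity.
            ssl.PEM_cert_to_DER_cert(root_ca)
        except ValueError:  # bad header/footer or undecodable body
            findings.append("rootCA: not a PEM certificate")
    return findings


if __name__ == "__main__":
    for finding in audit_keycloak_tls(SAMPLE_INSECURE):
        print(finding)
```
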