- Bug
- Resolution: Done
- Normal
- None
- None
- Moderate
At the moment there is no way to allow gitops to trust custom certificates (e.g. self-signed certs).
Gitops components (openshift-gitops-server, openshift-gitops-repo-server, ...) don't trust certificates reported in `oc get cm -n openshift-config $(oc get proxy/cluster -o json | jq '.spec.trustedCA.name' -r) -o json | jq '.data."ca-bundle.crt"' -r`, as is done for infrastructure components (https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/security_and_compliance/configuring-certificates#updating-ca-bundle).
In this specific case, the secret generation used by argocd, which uses managedserviceaccount, doesn't have a way to also integrate custom certificates. As it is now, it seems isolated from anything related to `hubKubeAPIServerConfig`, and it'll be a while before the RHACM implementation changes how API certificate changes are handled (not before 2.15 at best).