- Bug
- Resolution: Done
- Critical
- None
- 4.13.0, 4.12.z
- Moderate
- No
- CFE Sprint 234, CFE Sprint 235, CFE Sprint 236
- 3
- Proposed
- False
Description of problem:
We know that, as part of the Red Hat cert-manager operator as a supported product, the operand pod's image uses Red Hat's own published image registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9 (see https://catalog.redhat.com/software/containers/cert-manager/jetstack-cert-manager-rhel9/63d2c618c447aabc190c684c ), instead of the upstream operand image.
Likewise, as part of the Red Hat cert-manager operator as a supported product, the cm-acme-http-solver pod in the http01 function should use Red Hat's own published image too, and the image tag should be the latest.
Version-Release number of selected component (if applicable):
OCP 4.12, Red Hat cert-manager operator of bundle version v1.10.2-21.
How reproducible:
Always
Steps to Reproduce:
1. Install the Red Hat cert-manager operator. Then create a clusterissuer.
$ cat clusterissuer-acme-http01-example.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    preferredChain: ""
    privateKeySecretRef:
      name: example-issuer-account-key
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: openshift-default
$ oc create -f clusterissuer-acme-http01-example.yaml
2. Create an ingress referencing the clusterissuer
$ cat ingress-using-clusterissuer-neg.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  rules:
  - host: hello.test.com
    http:
      paths:
      - path: "/"
        backend:
          service:
            name: hello-openshift
            port:
              number: 8080
        pathType: "Prefix"
  tls:
  - hosts:
    - hello.test.com
    secretName: ingress-cert
$ oc create -f ingress-using-clusterissuer-neg.yaml
3. Check the pod's image
$ oc get pod
NAME                        READY   STATUS    RESTARTS   AGE
cm-acme-http-solver-m6t62   1/1     Running   0          5s
$ oc get po cm-acme-http-solver-m6t62 -o yaml
...
    image: quay.io/jetstack/cert-manager-acmesolver:canary
...
Actual results:
Step 3 shows that the cm-acme-http-solver pod uses the upstream image. Also, when browsing https://quay.io/repository/jetstack/cert-manager-acmesolver?tab=tags and filtering for "canary" in the "Filter Tags" search box, the tag is shown as 3 years old, which is very old.
Expected results:
First, cm-acme-http-solver is a functional part of the Red Hat cert-manager operator, so it should use Red Hat's own published image like the operand cert-manager image.
Second, as a comparison, in the OCP console I tried installing the community upstream cert-manager and repeated the above steps; it uses the latest versioned tag instead of the 3-year-old "canary" tag:
$ oc get po cm-acme-http-solver-kl5nv -o yaml
...
    image: quay.io/jetstack/cert-manager-acmesolver:v1.11.0
...
For the Red Hat cert-manager operator, even if it will use the community quay.io/jetstack/cert-manager-acmesolver image, it should use the latest versioned tag too, instead of the 3-year-old "canary" tag.
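
An added example, not part of the original report or of the operator's code: a small audit that flags pods whose images come from outside an approved registry or use a floating tag, which would catch the solver pod described above. The approved prefix, the floating-tag set, the function names and the sample pod list are assumptions made for illustration.

```python
import json

# Policy values are assumptions for this example; the approved prefix is
# derived from the Red Hat operand image named in the report.
APPROVED_PREFIXES = ("registry.redhat.io/cert-manager/",)
FLOATING_TAGS = {"latest", "canary"}

def parse_image(ref):
    """Split an image reference into (repository, tag, digest)."""
    ref, _, digest = ref.partition("@")
    tag = None
    # Only a colon in the last path component marks a tag; an earlier
    # colon belongs to a registry port such as host:5000.
    if ":" in ref.rsplit("/", 1)[-1]:
        ref, tag = ref.rsplit(":", 1)
    if tag is None and not digest:
        tag = "latest"  # implicit default when no tag or digest is given
    return ref, tag, digest or None

def audit_pods(pod_list):
    """Return (pod, container, image, reasons) for every policy violation."""
    findings = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            repo, tag, digest = parse_image(c["image"])
            reasons = []
            if not repo.startswith(APPROVED_PREFIXES):
                reasons.append("unapproved-registry")
            if digest is None and tag in FLOATING_TAGS:
                reasons.append("floating-tag")
            if reasons:
                findings.append((pod["metadata"]["name"], c["name"], c["image"], reasons))
    return findings

# Constructed sample in the shape of `oc get pods -A -o json`. Solver pod names
# and images are those quoted in the report; container names, the third pod's
# name and the all-zero digest are placeholders.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "cm-acme-http-solver-m6t62"}, "spec": {"containers": [
   {"name": "acmesolver", "image": "quay.io/jetstack/cert-manager-acmesolver:canary"}]}},
 {"metadata": {"name": "cm-acme-http-solver-kl5nv"}, "spec": {"containers": [
   {"name": "acmesolver", "image": "quay.io/jetstack/cert-manager-acmesolver:v1.11.0"}]}},
 {"metadata": {"name": "cert-manager"}, "spec": {"containers": [
   {"name": "cert-manager", "image": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:%s"}]}}
]}""" % ("0" * 64))

if __name__ == "__main__":
    for name, container, image, reasons in audit_pods(SAMPLE):
        print(f"{name}/{container}: {image} -> {', '.join(reasons)}")
```

Against a live cluster, the same function can be fed the parsed output of `oc get pods -A -o json` in place of the constructed sample.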