- Bug
- Resolution: Done
- Critical
- 4.7.0
- Quality / Stability / Reliability
USER PROBLEM
What is the user experiencing as a result of the bug? Include steps to reproduce.
The Local Scanner component of a Secured Cluster is failing to initialize after updating the Secured Cluster to 4.7.0.
CONDITIONS
What conditions need to exist for a user to be affected? Is it everyone? Is it only those with a specific integration? Is it specific to someone with particular database content? etc.
Secured Cluster installed via Helm or Operator, version 4.7.0.
Central must be v4.5.z or older for this to happen.
ROOT CAUSE
What is the root cause of the bug?
The Secured Cluster tries to retrieve fresh certificates from Central, but fails because Central is older than 4.6.0 and does not support the API.
Secured Cluster pods then fall back to the legacy certificates (from the init bundle) that are still present in the namespace.
However, there's a mistake in the scanner deployment volume mounts:
```yaml
- name: certs-legacy
  secret:
    secretName: scanner-tls
    items:
      - key: scanner-cert.pem
        path: cert.pem
      - key: scanner-key.pem
        path: key.pem
      - key: ca.pem
        path: ca.pem
    defaultMode: 420
    optional: true
```
The keys are incorrect: they should be `cert.pem`, not `scanner-cert.pem`, and `key.pem`, not `scanner-key.pem`.
FIX
How was the bug fixed (this is more important if a workaround was implemented rather than an actual fix)?
The fix corrects the keys so that they match the `scanner-tls` secret, and the correct files are mounted.
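The following check is an added example, not code from the project: it compares a secret volume's `items` keys against the keys the Secret holds and reports which files would actually be mounted. It shows why the mismatch raised no mount error: Kubernetes only fails volume setup for a missing key when the volume is not marked `optional`. The secret's key set and the list of required files are assumptions built from the ticket text.

```python
# Added example: lint a secret volume's `items` against the keys the Secret holds.
# SECRET_KEYS is constructed from the ticket text (cert.pem, key.pem, plus ca.pem).
SECRET_KEYS = {"ca.pem", "cert.pem", "key.pem"}

def legacy_volume(cert_key, key_key):
    """Build the certs-legacy volume from the ticket with the given item keys."""
    return {
        "name": "certs-legacy",
        "secret": {
            "secretName": "scanner-tls",
            "items": [
                {"key": cert_key, "path": "cert.pem"},
                {"key": key_key, "path": "key.pem"},
                {"key": "ca.pem", "path": "ca.pem"},
            ],
            "defaultMode": 420,
            "optional": True,
        },
    }

BUGGY = legacy_volume("scanner-cert.pem", "scanner-key.pem")  # keys from the root cause
FIXED = legacy_volume("cert.pem", "key.pem")                  # keys per the fix

def check_volume(volume, secret_keys):
    """Return (mounted_paths, missing_keys, silent) for one secret volume."""
    src = volume["secret"]
    items = src.get("items")
    if not items:
        # Without `items`, every secret key is projected under its own name.
        return sorted(secret_keys), [], False
    mounted = sorted(i["path"] for i in items if i["key"] in secret_keys)
    missing = sorted(i["key"] for i in items if i["key"] not in secret_keys)
    # optional: true means a missing key does not fail volume setup;
    # the file is simply absent from the mount.
    silent = bool(missing) and bool(src.get("optional", False))
    return mounted, missing, silent

def required_files_present(volume, secret_keys,
                           required=("ca.pem", "cert.pem", "key.pem")):
    """True if every file assumed to be needed for TLS ends up in the mount."""
    mounted, _, _ = check_volume(volume, secret_keys)
    return all(name in mounted for name in required)

if __name__ == "__main__":
    for label, vol in (("buggy", BUGGY), ("fixed", FIXED)):
        print(label, check_volume(vol, SECRET_KEYS))
```

Running the same comparison over rendered chart output in CI catches this class of key mismatch before release, since the `optional: true` flag hides it at deploy time.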