Story
Resolution: Done
Test certificate rotation for cluster-local-domain-tls and system-internal-tls.
Restarting activator or queue-proxy must not be required: both should watch
for the new certificate and start using it.
The tests can be roughly inspired by https://github.com/ReToCode/knative-encryption/blob/main/10-demo/DEMO.md#ca-rotation and
https://github.com/ReToCode/knative-encryption/tree/main/4-qp-rotation.
The "routing-serving-certs" Secret/Certificate in the knative-serving namespace holds the certificate for Knative-internal components.
The "serving-certs" Secret/Certificate in the user namespace holds the certificate that is mounted by queue-proxy.
To rotate a certificate, set a new CA for cert-manager (as in the CA-rotation demo linked above) and then delete the corresponding Certificate/Secret
so that cert-manager renews it.
Automatic reloading of certificates after rotation was implemented in:
activator: https://github.com/knative/serving/pull/13854
queue-proxy: https://github.com/knative/serving/pull/14189
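The mechanism the rotation test has to exercise, as an added example in Go (this is not code from this issue, from the linked PRs, or from Knative): one TLS listener that is never restarted, a certificate holder that every handshake consults, and a reload step standing in for the file watcher. The example assumes the kubernetes.io/tls mount layout (tls.crt/tls.key), generates its own self-signed certificates with constructed serials 1001 and 2002 in place of cert-manager-issued ones, and calls reload() explicitly where activator/queue-proxy would react to a Secret change; names like RotationDemo and writeSelfSigned are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"sync/atomic"
	"time"
)

// writeSelfSigned writes a constructed self-signed pair with the given serial
// into dir in kubernetes.io/tls Secret mount layout (tls.crt/tls.key), standing
// in for cert-manager renewing the Secret, and returns the certificate PEM.
func writeSelfSigned(dir string, serial int64) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "rotation-demo"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key) // cannot fail for the key generated above
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	if err := os.WriteFile(filepath.Join(dir, "tls.key"), keyPEM, 0o600); err != nil {
		return nil, err
	}
	return certPEM, os.WriteFile(filepath.Join(dir, "tls.crt"), certPEM, 0o600)
}

// RotationDemo serves from one TLS listener that is never restarted. For each
// serial it rewrites the mounted files, reloads them the way a file watcher
// would, and records the serial a fresh client handshake then sees.
func RotationDemo(serials ...int64) ([]int64, error) {
	dir, err := os.MkdirTemp("", "serving-certs")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	// Hypothetical equivalent of the certificate holder inside activator and
	// queue-proxy: the watcher stores, every TLS handshake loads.
	var current atomic.Pointer[tls.Certificate]
	reload := func() error {
		c, err := tls.LoadX509KeyPair(filepath.Join(dir, "tls.crt"), filepath.Join(dir, "tls.key"))
		if err == nil {
			current.Store(&c)
		}
		return err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		// Consulted on every handshake, so the Store above is all a rotation needs.
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return current.Load(), nil },
	})
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	go func() { // accept loop: finish the handshake, then drop the connection
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(tc *tls.Conn) { defer tc.Close(); _ = tc.Handshake() }(c.(*tls.Conn))
		}
	}()

	var seen []int64
	for _, serial := range serials {
		trust, err := writeSelfSigned(dir, serial)
		if err == nil {
			err = reload()
		}
		if err != nil {
			return nil, err
		}
		pool := x509.NewCertPool()
		pool.AppendCertsFromPEM(trust) // trust exactly the certificate just written
		// A new tls.Config per dial, so session resumption cannot mask the rotation.
		conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "localhost"})
		if err != nil {
			return nil, err
		}
		seen = append(seen, conn.ConnectionState().PeerCertificates[0].SerialNumber.Int64())
		conn.Close()
	}
	return seen, nil
}

func main() {
	fmt.Println(RotationDemo(1001, 2002))
}
```

The second serial is the rotation: the client is verified against only the newly written certificate, so the handshake can only succeed if the running listener already serves it. A cluster-level test of the same property would record the serial or NotBefore that `openssl s_client` reports from activator and queue-proxy before the Secret is deleted, wait for cert-manager to reissue it, and require a different value afterwards without any pod restart.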
Depends on: SRVKS-1198 Downstream: Ensure CI runs with encryption enabled (Closed)