The controller mounts a couple of certificates and it's getting more with the proxy-certificate work.

I talked to upstream about this and Golang is kinda... not great about this. To reload the CA certs one has to restart the process. Our best bet here it to "kick" the deployment to gracefully roll over once certificates change.

I propose to add a serving.knative.openshift.io/mounted-cert-version annotation to the deployment that we set to the resourceVersion of the configMap containing the latest certs.