feat: only add non-FQDN variant of fully qualified domain names to SANs

[dervoeti]

Description

Replaces #547

Extends FQDN support to improve DNS lookup performance, see stackabletech/issues#656

We experienced issues, especially with mTLS, when a client connects to a host via its FQDN (pod.service.svc.cluster.local.). Currently, only the FQDN (with the trailing dot) is added to the SANs. With this fix, only the non-FQDN version (without trailing dot) is added. This solves the problems in our tests.
This fix should be backwards compatible and not break anything that works currently, it only improves support for FQDN cluster domains.

I tested the fix with several integration tests (including Zookeeper and Kafka mTLS tests) by setting the env var KUBERNETES_CLUSTER_DOMAIN to cluster.local. for all operators.

Without this fix, at least these tests failed for me:
tls_kafka-3.8.1_zookeeper-latest-3.9.2_use-client-tls-true_use-client-auth-tls-true_openshift-false
and
smoke_zookeeper-3.9.2_use-server-tls-true_use-client-auth-tls-true_openshift-false

Definition of Done Checklist

• Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
• Please make sure all these things are done and tick the boxes

Author

Preview Give feedback

1. Changes are OpenShift compatible
2. CRD changes approved
3. CRD documentation for all fields, following the style guide.
4. Helm chart can be installed and deployed operator works
5. Integration tests passed (for non trivial changes)
6. Changes need to be "offline" compatible

Reviewer

Preview Give feedback

1. Code contains useful comments
2. Code contains useful logging statements
3. (Integration-)Test cases added
4. Documentation added or updated. Follows the style guide.
5. Changelog updated
6. Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

Preview Give feedback

1. Feature Tracker has been updated
2. Proper release label has been added
3. Roadmap has been updated

[sbernauer]

I trust your experiments, so change looks good to me :)
But before we merge I would like to see some other reviewer on this.

1. Can you please add a changelog entry? I think we should mark this as breaking, but note that it should be fine (tm)

Looking at #547, I also noticed the following things:

2. Please also update docs/modules/secret-operator/pages/scope.adoc (mention the truncation)
3. Normally I would not require you to write tests, on the other hand it would be kind of sad if we would throw away the effort of fix: For cluster internal scopes also add variant without trailing dot #547 writing some tests.
   Would you mind copying and adopting them into your PR?

[dervoeti]

@sbernauer Thanks for the feedback! I tried to address all your points.

[sbernauer]

Thanks! Noticed on minor thing

[maltesander]

Yeah i like this as the minimal change for experimental FQDNs. Fixed most of the problems i stumbled over.
Edit: I remember ZooKeeper was extra special, did you test with that as well (i guess if you tried Kafka)?

[dervoeti]

Yeah i like this as the minimal change for experimental FQDNs. Fixed most of the problems i stumbled over. Edit: I remember ZooKeeper was extra special, did you test with that as well (i guess if you tried Kafka)?

Yes, I tested both ZooKeeper and Kafka

[sbernauer]

LGTM