source-controller
Add `.spec.certSecretRef` to Bucket API
Fixes #973
I just finished testing this with a test bucket from minio/minio configured with a self-signed certificate, and 👍 it worked.
Here are the Helm values I used, for reference, in case anyone wants to replicate the test:
```yaml
mode: standalone
replicas: 1
resources:
  requests:
    memory: 512Mi
rootPassword: rootpass123
rootUser: rootuser
tls:
  certSecret: bucket-secret
  enabled: true
  privateKey: tls.key
  publicCrt: tls.crt
```
It took some time to figure out exactly what the other configuration artifacts should look like, so I'm writing them out here for completeness:
```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: Bucket
metadata:
  name: test-bucket
  namespace: test-bucket
spec:
  bucketName: test-bucket
  endpoint: minio.test-bucket.svc.cluster.local:9000
  interval: 1m0s
  provider: generic
  # Same Secret that the cert-manager Certificate below writes (secretName)
  certSecretRef:
    name: bucket-secret
  secretRef:
    name: bucket-client-credentials
---
apiVersion: v1
kind: Secret
metadata:
  name: bucket-client-credentials
  namespace: test-bucket
type: Opaque
stringData:
  # Same values as rootUser / rootPassword in the Helm values above
  accesskey: rootuser
  secretkey: rootpass123
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-bucket-cert
  namespace: test-bucket
spec:
  # Matches the host part of the Bucket endpoint
  dnsNames:
    - minio.test-bucket.svc.cluster.local
  isCA: true
  commonName: my-bucket-cert
  # Also referenced by tls.certSecret in the Helm values
  secretName: bucket-secret
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: ca-issuer
    kind: Issuer
    group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ca-issuer
  namespace: test-bucket
spec:
  selfSigned: {}
```
You can also create a real access key and secret, but in the tests we also use the root user/pass, so it's fine; that works as well.
Thanks @kingdonb for testing this on your cluster 🏅