
Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret

Open wallrj opened this issue 3 years ago • 1 comments

In https://github.com/jetstack/cert-manager/issues/4621 we are talking about allowing the Certificate.Spec.SecretTemplate to include the cert-manager.io/allow-direct-injection annotation. But what may not be widely known is that you can pre-create a Secret with any annotations and labels you like and refer to it in the Certificate.Spec.SecretName.

In this case cert-manager will update the data of that existing Secret.

This needs explaining at least in:

  1. https://cert-manager.io/docs/concepts/certificate/#certificate-lifecycle where the diagram currently only says that a Secret will be created.
  2. https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec where we only say that the Secret will be automatically created.
  3. https://cert-manager.io/docs/usage/certificate/ where we only discuss how to enable the automatic cleanup of cert-manager-created Secrets and not how this feature interacts with pre-created Secrets.

wallrj, Dec 10 '21 11:12

I think I forgot to check in the letsencrypt-flow-cert-manager.drawio file as part of #568. Here is the source diagram if you would like to edit it:

letsencrypt-flow-cert-manager.drawio.tar.gz

Note that I exported the PNG at 200% and then ran tinypng (I use the CLI) to reduce its size before committing the image.

maelvls, Dec 16 '21 09:12