Enabling Hubble using the Cilium CLI doesn't work if Cilium was installed via Helm
The Helm install method creates a CA for Hubble/Hubble Relay named hubble-ca-secret. This CA is different than the one used for ClusterMesh. On the other hand, when installing Cilium using the CLI, the same CA is used for both ClusterMesh and Hubble. As reported by this user, this means that when using cilium hubble enable, Hubble Relay is not able to connect to Cilium/Hubble nodes because the cert cannot be validated (see more details in this comment).
We should ensure that the two installation methods are consistent in this regard so that enabling Hubble works either way.
My two cents:
I think we should go the cilium cli way, i.e. one CA shared for Hubble and ClusterMesh (and anything internal to Cilium). It's simpler than what we currently do through Helm/certgen (i.e. two different CAs) and moreover all the certs are for the internal ${something}.cilium.io so it's unusual to have two CAs "responsible" for the same domain, if that makes sense.
Related: #300