
kubeapps install cleanup - fix unused CAs and move pinniped proxy

Open dlaloue-vmware opened this issue 2 years ago • 0 comments

Describe the bug

With the introduction of the new kubeapps-apis component, other deployments/services have been removed and things have moved around a bit. There are remaining items to clean up to make the kubeapps installation more robust.

Currently, the "kubeapps" deployment contains three containers: oauth2 proxy, nginx proxy and pinniped proxy. The message flow is that a message goes from the "kubeapps" pod (oauth2->nginx) to the "kubeappsapis" pod and again to the "kubeapps" pod (pinniped), thus creating a cycle between pods. I don't think this is a good practice pattern for micro-services, and the pinniped proxy would probably be better as a container in the kubeappsapis pod.

The pinniped proxy currently allows one to secure it with TLS. This provides an inconsistent security model for kubeapps as the communication "kubeapps" to "kubeappsapis" does not have TLS support. Also, it seems that TLS was introduced only as a way to test the TLS support of the pinniped proxy (other projects may need TLS support). The proposal is to remove TLS support in kubeapps (especially if moving the container to kubeappsapis pod).

We also need to update the generated configmaps accordingly. I believe the configmap "frontend" contains the target cluster CAs, but it is not clear that any of the containers are actually using those CAs (the only container referencing this configmap is the nginx proxy).

Desktop (please complete the following information):

kubeapps 12.1.1 / 2.6.1

dlaloue-vmware, Nov 29 '22 16:11