make CAFilePath configurable

[filipcirtog]

Summary

Previously, the operator automatically used fixed CA certificate mount paths:
/mongodb-automation/tls/ca/ca-pem for MongoDB deployments
/mongodb-automation/ca.pem for AppDB (not scope of this changes)

This was a blocker for VM-to-Kubernetes migrations and custom security requirements because:

• VM deployments may use different CA paths (e.g., /etc/ssl/certs/ca.pem)
• Kubernetes deployments were restricted to operator-defined paths
• No way to align CA paths between environments during migration

Solution: New optional CRD field spec.security.tls.caFilePath allows specifying a custom CA certificate path. When set, the operator:

• Uses the custom path in automation config instead of the default path
• Creates an additional volume mount at the custom path using subPath from the CA ConfigMap

Proof of Work

Checklist

• Have you linked a jira ticket and/or is the ticket in the title?
• Have you checked whether your jira ticket required DOCSP changes?
• Have you added changelog file?
  • use skip-changelog label if not needed
  • refer to Changelog files and Release Notes section in CONTRIBUTING.md for more details

[filipcirtog]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• make CAFilePath configurable #810 👈 (View in Graphite)
• make log paths configurable #803
• master

This stack of pull requests is managed by Graphite. Learn more about stacking.