Fix association with custom cert without CA

[thbkrkr]

Follow-up of #5277 to adress the case of a custom cert without CA (issued by a well-known certificate authority).

In this case, the CA is configured but the CA cert is not provided, which is translated in the AssocConf stored in an annotation of the associated resource to CASecretName defined and CACertProvided set to false. I did not rechallenge this logic.

cloud-on-k8s/pkg/controller/association/ca.go

Lines 64 to 65 in 721cccf

	caCertProvided := len(expectedSecret.Data[certificates.CAFileName]) > 0
	return CASecret{Name: expectedSecret.Name, CACertProvided: caCertProvided}, nil

The main fix is to replace the use of CAIsConfigured by GetCACertProvided when we setup a CA config setting.
This also fixes Agent->Fleet where we forgot to check that CAIsConfigured() to setup the CA env var (discovered in #5240 (review))
And finally, I noticed that we could reuse WriteAssocsToConfigHash which gives the advantage of taking into account the authSecret content in the annotated config hash.

Changes:

• 8fb1935 Setup CA config setting if GetCACertProvided instead of CAIsConfigured for KB|ENT|EMS->x associations
• eb11a77 Setup FleetCA env var for Agent only if GetCACertProvided
• 60c480a Update WriteAssocsToConfigHash to use GetCACertProvided instead of CAIsConfigured
• 695ad4c Reuse WriteAssocsToConfigHash for APM|ENT|EMS->x associations

[thbkrkr]

I missed the initial intention. We mount the CA secret using a volume in the pods when the secret exists (works when we mount the secret as a directory without directly targetting the CA file) but we don't configure the CA in the configurations when the CA is not provided in the secret. This means we can keep the calls to CAIsConfigured when it's about configuring the pod without referencing ca.crt.

[pebrc]

I am OK with merging this given we follow up in #5379