Use full CA cert bundle instead of internal bundle

Change getNovaClient() to use tls.CABundleKey (full/public bundle) instead
of tls.InternalCABundleKey. This ensures the operator can connect to
external Keystone APIs that may use certificates not in the internal
bundle.

This will not affect existing workflows because all the certs in the
internal bundle are always added to the full/public bundle as well.

Jira: https://issues.redhat.com/browse/OSPRH-18652

Author: vakwetu

internal/controller/common.go

@@ -656,15 +656,14 @@ func getNovaClient(
 	var tlsConfig *openstack.TLSConfig
 
 	if parsedAuthURL.Scheme == "https" {
-
 		caCert, ctrlResult, err := secret.GetDataFromSecret(
 			ctx,
 			h,
 			auth.GetCABundleSecretName(),
 			// requeue is translated to error below as the secret already
 			// verified to exists and has the expected fields.
 			time.Second,
-			tls.InternalCABundleKey)
+			tls.CABundleKey)
 		if err != nil {
 			return nil, err
 		}