Support cert-manager

[derrickburns]

The way that you take in secrets does not allow one to use cert-manager.

The issue is the naming of the secrets components when you mount the volume.

      {{- if .Values.query.tlsClient.enabled }}
        - name: {{ include "thanos.fullname" . }}-thanos-query-tls-client
          secret:
            secretName: {{ include "thanos.fullname" . }}-thanos-query-tls-client
      {{- end }}
      {{- if .Values.query.tlsServer.enabled }}
        - name: {{ include "thanos.fullname" . }}-thanos-query-tls-server
          secret:
            secretName: {{ include "thanos.fullname" . }}-thanos-query-tls-server
      {{- end }}

If you allow one to project the secrets to a specific path, then this can work with cert-manager:

  volumes:
  - name: foo
    secret:
      secretName: mysecret
      items:
      - key: username
        path: my-group/my-username

OR simply use the names tls.key and tls.crt instead of client.key/server.key and client.crt/server.crt.