fix: Correctly configure non-mirror registry certificates

CA certificates are now written to `/etc/containerd/certs.d/<registryHost>/ca.crt`
as required.

Remove non-mirror registry config from `/etc/containerd/certs.d/_default/hosts.toml`
which was causing all registries to be configured as mirror registry.

Author: jimmidyson

pkg/handlers/generic/mutation/mirrors/containerd_files.go

@@ -68,7 +68,7 @@ func (c containerdConfig) needContainerdConfiguration() bool {
 //     The upstream registry will be automatically used after all defined mirrors have been tried.
 //     https://github.com/containerd/containerd/blob/main/docs/hosts.md#setup-default-mirror-for-all-registries
 //
-//  2. Setting CA certificate for global image registry mirror.
+//  2. Setting CA certificate for global image registry mirror and image registries.
 func generateContainerdDefaultHostsFile(
 	configs []containerdConfig,
 ) (*cabpkv1.File, error) {