OCPBUGS-58424: mount /etc/pki/ca-trust/extracted/pem/ as empty dir

as the fs is now readonly we can't write the cluster trust bundle to
this location before starting the operator. this mounts an empty volume
in the location.

Author: ricardomaraschini

manifests/07-operator-ibm-cloud-managed.yaml

@@ -75,6 +75,8 @@ spec:
           readOnly: true
         - mountPath: /tmp
           name: tmp
+        - mountPath: /etc/pki/ca-trust/extracted/pem
+          name: ca-trust-extracted-pem
       priorityClassName: system-cluster-critical
       serviceAccountName: cluster-image-registry-operator
       shareProcessNamespace: false
@@ -109,3 +111,5 @@ spec:
           - serviceAccountToken:
               audience: openshift
               path: token
+      - emptyDir: {}
+        name: ca-trust-extracted-pem

manifests/07-operator.yaml

@@ -92,6 +92,8 @@ spec:
               readOnly: true
             - name: tmp
               mountPath: /tmp
+            - name: ca-trust-extracted-pem
+              mountPath: /etc/pki/ca-trust/extracted/pem
       volumes:
         - name: tmp
           emptyDir: {}
@@ -114,3 +116,5 @@ spec:
             - serviceAccountToken:
                 path: token
                 audience: openshift
+        - name: ca-trust-extracted-pem
+          emptyDir: {}