PCP-4952: use kubeconfig ca certs for workernode bootstrapping

[pavansokkenagaraj]

• Refactor EKSConfigReconciler to extract CA certificate from kubeconfig secret instead of EKS API. This change simplifies the CA retrieval process and improves error handling for missing CA data.

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Checklist:

• squashed commits
• includes documentation
• includes emoji in title
• adds unit tests
• adds or updates e2e tests

Release note:

[spectro-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pavansokkenagaraj
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bulwark-spectrocloud]

⚠️ Gitleaks scan found potential secrets or sensitive information:

1. ---

   • File: spectro/generated/core-global.yaml
   • Fingerprint: b687c16d8c38fb4a8a2c1c7f966173e52dc3763e:spectro/generated/core-global.yaml:aws-access-token:3706

2. ---

   • File: spectro/generated/core-global.yaml
   • Fingerprint: b687c16d8c38fb4a8a2c1c7f966173e52dc3763e:spectro/generated/core-global.yaml:aws-access-token:3812

3. ---

   • File: spectro/generated/core-global.yaml
   • Fingerprint: b687c16d8c38fb4a8a2c1c7f966173e52dc3763e:spectro/generated/core-global.yaml:generic-api-key:16196

4. ---

   • File: spectro/generated/core-global.yaml
   • Fingerprint: 24c392cf5c536e0bb8d3be1e6205dd8968a453eb:spectro/generated/core-global.yaml:aws-access-token:3287

5. ---

   • File: spectro/generated/core-global.yaml
   • Fingerprint: 24c392cf5c536e0bb8d3be1e6205dd8968a453eb:spectro/generated/core-global.yaml:aws-access-token:3394

6. ---

   • File: spectro/generated/core-global.yaml
   • Fingerprint: 24c392cf5c536e0bb8d3be1e6205dd8968a453eb:spectro/generated/core-global.yaml:aws-access-token:3492

Please review these findings and remove any sensitive information before merging.

[bulwark-spectrocloud]

⚠️ GoVulnCheck scan found vulnerabilities:

1. GO-2025-3754
   • Module: github.com/cloudflare/circl
   • Found in: v1.3.7
   • Fixed in: v1.6.1
   • Example Traces:
     #1: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls goldilocks.init
     #2: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
     #3: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed25519.init
     #4: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ed448.init
     #5: test/helpers/kubernetesversions/template.go:37:2: kubernetesversions.init calls framework.init, which eventually calls ecc.init
2. GO-2025-3595
   • Module: golang.org/x/net
   • Found in: v0.33.0
   • Fixed in: v0.38.0
   • Example Traces:
     #1: pkg/rosa/externalauthproviders.go:52:35: rosa.UpdateExternalAuth calls v1.Send, which eventually calls bluemonday.sanitize
3. GO-2025-3553
   • Module: github.com/golang-jwt/jwt/v4
   • Found in: v4.5.1
   • Fixed in: v4.5.2
   • Example Traces:
     #1: pkg/rosa/client.go:51:70: rosa.NewOCMClient calls ocm.Build, which eventually calls authentication.Build

Please review these findings and fix the issues before merging.