Project Quay: PROJQUAY-2417

Support for Postgres client-side certs via the Operator

Status: To Do

      Operator does not support deploying Quay with Postgres client-side certs. We need to adjust so users can provide their certs.

      Attempts were made to validate this behavior both through the UI and through a custom config bundle. For extra details, see the history on https://issues.redhat.com/browse/PROJQUAY-2239

      Generally this can be achieved with a database connection string like this (the query string starts with "?" after the database name):

      DB_URI: postgresql://<username>@<hostname>:5432/<database>?sslcert=/conf/stack/database.crt&sslkey=/conf/stack/database.key

      Acceptance criteria

      • Quay can pick user-provided certificate files for authentication against Postgres databases
      • Quay deploys fine with GCP CloudSQL (using client side certs)
      • Users can deploy using client side certs through a custom config bundle
      • Feature is documented

      Engineering hints:

      • providing custom private keys is possible via the Operator-managed config bundle, but the key files are injected into the Quay pod using projected volumes with a file permission mode of 0644
      • the Quay Postgres connector library refuses to read private key files with mode 0644; it only reads them at 0600 if owned by the same user as Quay, or at 0640 if owned by root
      • because OpenShift assigns a randomized UID to the containers in Quay's pods, the projected files are always owned by root with their group set to Quay's group id, so files readable by Quay need to be at least 0640
      • the config editor does not accept private key files when uploading into "extra CA certs", so manipulating the config bundle is currently the only way to get those files into the pod
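      As an added example (not part of this issue or of the Quay project's code), the script below extracts the sslcert/sslkey parameters from a DB_URI of the form shown above and applies the ownership and permission rule the Postgres client library (libpq) enforces on the key file, which is what makes a key projected at 0644 unusable. The hostname, database name and dummy key contents are constructed values.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit, parse_qs


def ssl_params(db_uri):
    """Return the sslcert/sslkey query parameters of a libpq-style DB_URI.

    Without the '?' separating the database name from the query string,
    everything after the path is taken as the database name and no SSL
    parameters are seen at all.
    """
    query = parse_qs(urlsplit(db_uri).query)
    return {k: query[k][0] for k in ("sslcert", "sslkey") if k in query}


def libpq_key_problem(path):
    """Mirror libpq's rule for the sslkey file: owned by the current user
    (then 0600 or stricter) or by root (then 0640 or stricter).
    Returns None when the file would be accepted, otherwise the reason."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == 0:
        too_open = mode & 0o037      # group write/exec or any "other" bits
    elif st.st_uid == os.geteuid():
        too_open = mode & 0o077      # any group or "other" bits
    else:
        return "must be owned by the current user or root"
    return "has group or world access" if too_open else None


def demo():
    """Constructed example: stage a dummy key at 0644 (what a projected
    volume gives you) and at 0600, and record what libpq would say."""
    results = {}
    with tempfile.TemporaryDirectory() as conf:
        key = os.path.join(conf, "database.key")
        for mode in (0o644, 0o600):
            with open(key, "w") as fh:
                fh.write("-----BEGIN PRIVATE KEY-----\n(dummy)\n")
            os.chmod(key, mode)
            results[oct(mode)] = libpq_key_problem(key)
    return results


if __name__ == "__main__":
    uri = ("postgresql://quay@db.example:5432/quay"
           "?sslcert=/conf/stack/database.crt&sslkey=/conf/stack/database.key")
    print(ssl_params(uri))   # both paths found
    print(demo())            # 0644 rejected, 0600 accepted
```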

            Assignee: Unassigned
            Reporter: Ricardo Maraschini (rmarasch@redhat.com)