Allow passing value of jwksResolverExtraRootCA to istiooperator template
Because of who signs our certificate, Istiod is unable to fetch the public key from the JWKS_URI, leading to the following error:

2022-12-08T14:11:52.581745Z error model Failed to fetch public key from "https://keycloak.domain/auth/realms/myrealm/protocol/openid-connect/certs": Get "https://keycloak.domain/auth/realms/myrealm/protocol/openid-connect/certs": x509: certificate signed by unknown authority
2022-12-08T14:11:52.581759Z info model The JWKS key is not yet fetched for issuer https://keycloak.domain/auth/realms/myrealm (https://keycloak.domain/auth/realms/myrealm/protocol/openid-connect/certs), using a fake JWKS for now
Adding the full chain of the Keycloak HTTPS endpoint to the istiocontrolplane operator resolves this error:

spec:
  values:
    pilot:
      jwksResolverExtraRootCA: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
However, this value path is not available with the current istio operator template in this chart. It can be worked around with postRenderers:

istio:
  postRenderers:
    - kustomize:
        patchesJson6902:
          - patch:
              - op: add
                path: /spec/values/pilot
                value: {"jwksResolverExtraRootCA": "-----BEGIN CERTIFICATE-----\nyour_cert\n-----END CERTIFICATE-----"}
            target:
              group: install.istio.io
              kind: IstioOperator
              name: istiocontrolplane
              namespace: istio-system
              version: v1alpha1

Requesting that this value be made available so we don't need to keep using a postRenderer. Note: our certs are signed by GlobalSign root3, which has this issue.
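The workaround above embeds a PEM bundle inside a JSON string, which is easy to get wrong by hand (a stray character in the PEM framing, or a missing `\n`, leaves Istiod still unable to build the trust chain). The script below is an added example, not code from the issue author or from this chart: it reads a fullchain bundle, checks that every block is well-formed PEM wrapping a DER SEQUENCE, and emits both the `jwksResolverExtraRootCA` values fragment and the equivalent `patchesJson6902` entry. The sample bundle is constructed (its bodies are minimal DER stubs, not real certificates) so the script runs offline; the target name and namespace are taken from the issue.

```python
import base64
import json
import re

# Constructed sample "fullchain": the bodies are only base64 of a minimal DER
# SEQUENCE so the PEM framing checks have something to parse. Replace with the
# real fullchain of the JWKS endpoint (leaf, intermediate(s), root).
SAMPLE_FULLCHAIN = """-----BEGIN CERTIFICATE-----
MAMCAQA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
"""

# Values from the issue's postRenderer target.
ISTIO_OPERATOR_TARGET = {
    "group": "install.istio.io",
    "kind": "IstioOperator",
    "name": "istiocontrolplane",
    "namespace": "istio-system",
    "version": "v1alpha1",
}

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_certificates(bundle: str) -> list:
    """Return each CERTIFICATE block of `bundle`, re-wrapped at 64 columns.

    Raises ValueError if a block is not valid base64 or does not decode to a
    DER SEQUENCE (tag 0x30), which is what a certificate must start with.
    """
    blocks = []
    for body in _PEM_BLOCK.findall(bundle):
        b64 = "".join(body.split())
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError as exc:
            raise ValueError(f"PEM block is not valid base64: {exc}") from None
        if not der or der[0] != 0x30:
            raise ValueError("PEM block does not decode to a DER SEQUENCE")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        blocks.append(
            "-----BEGIN CERTIFICATE-----\n"
            + "\n".join(lines)
            + "\n-----END CERTIFICATE-----"
        )
    if not blocks:
        raise ValueError("no CERTIFICATE blocks found in bundle")
    return blocks


def normalized_bundle(bundle: str) -> str:
    """Single string with one newline between blocks and a trailing newline."""
    return "\n".join(pem_certificates(bundle)) + "\n"


def istio_operator_values(bundle: str) -> dict:
    """The spec.values.pilot.jwksResolverExtraRootCA fragment as a dict."""
    return {
        "spec": {
            "values": {"pilot": {"jwksResolverExtraRootCA": normalized_bundle(bundle)}}
        }
    }


def post_renderer_patch(bundle: str) -> dict:
    """One patchesJson6902 entry equivalent to the workaround in the issue."""
    return {
        "patch": [
            {
                "op": "add",
                "path": "/spec/values/pilot",
                "value": {"jwksResolverExtraRootCA": normalized_bundle(bundle)},
            }
        ],
        "target": dict(ISTIO_OPERATOR_TARGET),
    }


def render_values_yaml(bundle: str) -> str:
    """Render the values fragment as YAML with a literal block scalar."""
    body = "\n".join("        " + line for line in normalized_bundle(bundle).splitlines())
    return (
        "spec:\n  values:\n    pilot:\n      jwksResolverExtraRootCA: |\n" + body + "\n"
    )


if __name__ == "__main__":
    print(render_values_yaml(SAMPLE_FULLCHAIN))
    print(json.dumps(post_renderer_patch(SAMPLE_FULLCHAIN), indent=2))
```

Two things worth keeping in mind when using the output: `jwksResolverExtraRootCA` is a PEM bundle, so every certificate in the chain up to the root that Istiod does not already trust belongs in it, and a JSON 6902 `add` at `/spec/values/pilot` replaces the whole `pilot` map if one already exists, so when `spec.values.pilot` carries other keys, point the patch at `/spec/values/pilot/jwksResolverExtraRootCA` instead.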