Neuvector cert-upgrader needs a second look

Currently, we set autoGenerateCert: true and autoRotateCert: true

Its not clear if we need to do this while running in Istio.

Furthermore, because we do this we need to add exceptions to the istio mesh to allow the internal cert-upgrader job to talk to the healthcheck port 18500.

We need to evaluate a path forward here and likely communicate with Neuvector maintainers to determine the proper next steps.

https://github.com/neuvector/neuvector-helm/issues/486