Alternative letsencrypt challenges and custom provided tls certificates#854

Open
filippomc wants to merge 5 commits into develop from feature/CH-265

Conversation


@filippomc filippomc commented May 19, 2026

Closes CH-265

Implemented solution

Added options to the main values.yaml to:

  1. Define alternative letsencrypt solvers
  2. Disable letsencrypt and use own certificates

How to test this PR

This functionality is built to be 100% backwards compatible, so the old http challenge is in place.
Check the docs in docs/ingress-domains-proxies.md to see how to define alternative challenges.

Sanity checks:

  • The pull request is explicitly linked to the relevant issue(s)
  • The issue is well described: clearly states the problem and the general proposed solution(s)
  • In this PR it is explicitly stated how to test the current change
  • The labels in the issue set the scope and the type of issue (bug, feature, etc.)
  • The relevant components are indicated in the issue (if any)
  • All the automated test checks are passing
  • All the linked issues are included in one Sprint
  • All the linked issues are in the Review state
  • All the linked issues are assigned

Breaking changes (select one):

  • The present changes do not change the preexisting API in any way
  • This PR and the issue are tagged as a breaking-change and the migration procedure is well described above

Possible deployment updates issues (select one):

  • There is no reason why deployments based on CloudHarness may break after the current update
  • This PR and the issue are tagged as alert:deployment

Test coverage (select one):

  • Tests for the relevant cases are included in this PR
  • The changes included in this PR are out of the current test coverage scope

Documentation (select one):

  • The documentation has been updated to match the current changes
  • The changes included in this PR are out of the current documentation scope

Nice to have (if relevant):

  • Screenshots of the changes
  • Explanatory video/animated gif

@filippomc filippomc requested review from alxbrd and Copilot May 19, 2026 09:53
@filippomc filippomc changed the title Feature/ch 265 Alternative letsencrypt challenges and custom provided tls certificates May 19, 2026
Copilot AI left a comment

Pull request overview

Adds configurable Let’s Encrypt / cert-manager behavior to the Cloud Harness Helm chart so deployments can (a) switch ACME solvers (e.g., dns01) and (b) disable ACME entirely to use externally managed TLS certificates, with accompanying model + docs updates.

Changes:

  • Introduces ingress.letsencrypt.enabled, privateKeySecretName, solvers, and secrets in Helm values and renders them into the cert-manager Issuer (plus optional credential Secret creation).
  • Updates Ingress/Gateway annotations to be conditional on Let’s Encrypt being enabled.
  • Updates OpenAPI + generated model docs and adds end-user documentation for the new TLS/Let’s Encrypt options.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 4 comments.

Reviewed files:

  • libraries/models/docs/GatewayGlobalConfigAllOfLetsencrypt.md: Updates generated model docs to include new Let’s Encrypt fields.
  • libraries/models/docs/ExtraContainerConfig.md: Fixes property name documentation (command).
  • libraries/models/cloudharness_model/models/gateway_global_config_all_of_letsencrypt.py: Extends model with enabled, solver and secret configuration, and private key secret name aliasing.
  • libraries/models/api/openapi.yaml: Adds new schema properties for Let’s Encrypt configuration.
  • docs/README.md: Adds a docs index link to the ingress/TLS documentation.
  • docs/model/GatewayGlobalConfigAllOfLetsencrypt.md: Updates generated docs copy for the extended Let’s Encrypt model.
  • docs/ingress-domains-proxies.md: Adds detailed guidance for solvers, dns01 secrets, and “bring your own certs”.
  • deployment-configuration/helm/values.yaml: Adds new ingress.letsencrypt options and documentation comments.
  • deployment-configuration/helm/templates/ingress.yaml: Skips cert-manager annotations when Let’s Encrypt is disabled.
  • deployment-configuration/helm/templates/httproute.yaml: Skips Gateway cert-manager annotation when Let’s Encrypt is disabled.
  • deployment-configuration/helm/templates/certs/letsencrypt.yaml: Adds optional credential Secret rendering and configurable Issuer fields (private key secret name, solvers).

Comment thread deployment-configuration/helm/templates/certs/letsencrypt.yaml (rendered credential Secret)

    kind: Secret
    metadata:
      name: {{ $name }}
      namespace: {{ $.Values.namespace }}
    type: Opaque
    stringData:
    {{ toYaml $data | indent 2 }}

Comment thread docs/ingress-domains-proxies.md (Outdated)
Comment on lines +316 to +320:

    annotation on every generated Ingress/Gateway. TLS is still wired through —
    each app's Ingress references a Secret named `tls-secret-<appName>` which you
    must populate yourself (cloud load-balancer integration, sealed-secrets, an
    internal CA, ESO, etc.):

Comment on lines +47 to +48:

    # wildcard, internal CA, air-gapped) — the per-app `tls-secret-<name>` Secrets
    # must then exist in the namespace.
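As an added illustration (not from the PR, the chart or its docs), the two configurations the new values enable, written as a values.yaml fragment. The key names ingress.letsencrypt.enabled, privateKeySecretName, solvers and secrets come from the PR; the shape of `secrets` (a Secret name mapping to its stringData keys), the Secret and zone names, and the solver body (standard cert-manager dns01 syntax) are assumptions.

```yaml
# Added example values.yaml fragment (constructed; key shapes beyond the PR's names are assumed).
# Variant A: keep Let's Encrypt but solve ACME challenges over dns01, so wildcard hosts
# work and no port-80 HTTP path has to be reachable from the internet.
ingress:
  letsencrypt:
    enabled: true
    privateKeySecretName: letsencrypt-account-key   # ACME account key Secret (assumed name)
    # Credential Secret(s) rendered by the chart; the {name: {key: value}} shape is assumed.
    # Scope this DNS API token to the one zone and TXT-record edits only: whoever can read
    # the Secret can rewrite DNS for every name the token covers.
    secrets:
      cloudflare-api-token:
        api-token: "<set with --set or an untracked values file, never committed>"
    # Passed through to the cert-manager Issuer's spec.solvers (cert-manager syntax).
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
        selector:
          dnsZones:
            - example.com   # assumed zone

# Variant B: bring your own certificates (internal CA, wildcard from another issuer,
# air-gapped). No Issuer or cert-manager annotations are rendered, so each app's Ingress
# expects a pre-existing Secret named tls-secret-<appName> in the release namespace.
# ingress:
#   letsencrypt:
#     enabled: false
```

Before deploying variant B, confirm each `tls-secret-<appName>` Secret exists (`kubectl get secret tls-secret-<appName> -n <namespace>`) and that its certificate's SANs cover the app's host and it is not near expiry, since the chart will neither create nor renew those Secrets.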
