
Update documentation regarding private registries usage

Open Amphaal opened this issue 10 months ago • 0 comments

Instead of passing insecure: true to our own private registries, we might want to do something better, like injecting our own baked CA Bundle into the Pod. Using Helm, we might just add something like below to the values (I am using Ansible to invoke Helm btw):

[image: screenshot of the Helm values snippet, not reproduced in the text]

cert_manager__org__root_ca__bundle in my case would be the secret containing my generated bundle, which is configured by cert-manager's Bundle CRD, which for me looks like this:

apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: "{{ cert_manager__org__root_ca__bundle }}"
spec:
  sources:
    - useDefaultCAs: true # include default trusted CAs
    # include our own root
    - secret:
        name: "{{ cert_manager__org__root_ca }}"
        key: ca.crt
  target:
    secret:
      key: ca.crt
    # make it available to namespaces with said labels
    namespaceSelector:
      matchLabels:
        trust: enabled

As a side note, I require my argocd namespace to look like this for cert-manager to automagically copy the Bundle into its namespace:

apiVersion: v1   # Kubernetes manifests use apiVersion (api_version is the Ansible module argument)
kind: Namespace
metadata:
  name: argocd
  labels:
    # makes the default Org Root CA available within this namespace's Secrets
    trust: enabled

My guess is that, looking at a few tickets here regarding verification issues of certificates, guidelines along those lines would be beneficial to some folks.

Amphaal, Jan 28 '25 12:01
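To check, outside the cluster, what the Bundle in the post produces, here is an added example (not the issue author's code and not part of argocd-image-updater): it builds a ca.crt the same way (default CAs followed by an org root), issues a constructed registry certificate from that root, and shows that the certificate verifies against the bundle but not against the default CAs alone. It assumes openssl is installed and uses the Debian-style /etc/ssl/certs/ca-certificates.crt as the stand-in for useDefaultCAs; all names and certificates are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the issue: reproduce the Bundle's ca.crt locally
# (default CAs + our own root) and verify a registry cert issued by that root.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
# Assumption: Debian-style system CA file, standing in for "useDefaultCAs: true".
DEFAULT_CAS=/etc/ssl/certs/ca-certificates.crt

# Constructed org root CA (plays the role of the cert-manager secret's ca.crt).
make_org_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Org Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
}

# Constructed private-registry leaf certificate, signed by the org root.
make_registry_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=registry.example.internal" \
    -keyout "$WORK/reg.key" -out "$WORK/reg.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/reg.csr" -CA "$WORK/root.crt" \
    -CAkey "$WORK/root.key" -CAcreateserial -out "$WORK/reg.crt" 2>/dev/null
}

# Mirror the Bundle's target secret: default CAs (when present), then our root.
build_bundle() {
  : > "$WORK/defaults.crt"
  if [ -r "$DEFAULT_CAS" ]; then cat "$DEFAULT_CAS" > "$WORK/defaults.crt"; fi
  cat "$WORK/defaults.crt" "$WORK/root.crt" > "$WORK/ca.crt"
}

# Returns 0 when reg.crt chains to a CA in file $1; the system store is
# deliberately excluded so only the given file counts.
verify_against() {
  openssl verify -no-CAfile -no-CApath -CAfile "$1" "$WORK/reg.crt" >/dev/null 2>&1
}
bundle_verifies_registry()  { verify_against "$WORK/ca.crt"; }
defaults_verify_registry()  { verify_against "$WORK/defaults.crt"; }
bundle_cert_count()         { grep -c 'BEGIN CERTIFICATE' "$WORK/ca.crt"; }

make_org_root
make_registry_cert
build_bundle
if bundle_verifies_registry; then echo "bundle: registry cert verifies"; fi
if defaults_verify_registry; then echo "defaults only: unexpectedly verifies"
else echo "defaults only: registry cert rejected (expected)"; fi
```

The same two checks can be run against the secret trust-manager writes into the argocd namespace by pulling its ca.crt key out with kubectl and passing it as the -CAfile.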