Default undercloud certificate becomes invalid after a year
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
puppet-tripleo | Fix Released | Undecided | David Sedgmen |
tripleo | In Progress | Undecided | David Sedgmen |
Bug Description
Description
===========
The default certificate generated by the undercloud install (using the defaults) becomes invalid after a year because the certmonger signing CA gets renewed.
This breaks the undercloud certificate trust.
Steps to reproduce
==================
1. Installed undercloud using the defaults
2. Set the system time 3 years into the future
~~~
tripleo-
ansible -i test.yaml all -b -m command -a 'timedatectl set-time "2024-08-14 07:57:34"'
~~~
3. Waited for certmonger to renew the certificates
Expected result
===============
Certificate to be trusted after the auto renewal
Actual result
=============
New certificate is not trusted
Cause
=====
As part of the undercloud install using the default settings, the certmonger CA is extracted and added to the trust store.
As part of the renewal script used for haproxy, the CA extracted during the undercloud install is added to the certificate bundle used by haproxy.
After one year the certmonger CA will be renewed, and usually shortly after the haproxy certificate will be renewed.
But since the extracted CA is now different from the CA that signed the renewed certificate, the new bundle is invalid.
As well, the CA that signed the renewed certificate has not been extracted and added to the system trust store.
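The following is an added example, not part of the bug report or of tripleo: it checks whether a haproxy-style PEM bundle (server certificate first, signing CA appended after it) still chains to the CA it carries, and to any trust store you pass in, and it rebuilds the stale-CA situation described above with throwaway certificates. Function names, the `undercloud.example` subject, and the file names under the temporary directory are all constructed for this example; to test what clients actually see, pass your system trust store (for example the CA bundle path your distribution uses) as the second argument of `leaf_verifies_against`.

```shell
# Added example, not from the bug report: check whether a haproxy-style PEM
# bundle (server certificate first, signing CA after it) is still consistent,
# and reproduce the stale-CA case with throwaway certificates.
set -eu

# Succeed when the first certificate in BUNDLE ($1) verifies against CAFILE ($2).
# Pass the system trust store as CAFILE to test what clients will see.
leaf_verifies_against() {
    leaf="$(mktemp)"
    awk '/BEGIN CERTIFICATE/{n++} n==1' "$1" > "$leaf"   # first PEM block only
    if openssl verify -CAfile "$2" "$leaf" >/dev/null 2>&1; then
        rm -f "$leaf"; return 0
    fi
    rm -f "$leaf"; return 1
}

# Succeed when the CA appended to BUNDLE ($1) is the one that signed its leaf.
bundle_self_consistent() {
    cas="$(mktemp)"
    awk '/BEGIN CERTIFICATE/{n++} n>1' "$1" > "$cas"     # every block after the first
    if leaf_verifies_against "$1" "$cas"; then
        rm -f "$cas"; return 0
    fi
    rm -f "$cas"; return 1
}

# Constructed scenario in DIR ($1): the CA extracted at install time (ca1), the
# renewed CA with the same name but a new key (ca2), and a server cert signed by ca2.
make_scenario() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca1.key" -out "$1/ca1.crt" \
        -subj "/CN=Local Signing Authority" -days 365 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca2.key" -out "$1/ca2.crt" \
        -subj "/CN=Local Signing Authority" -days 365 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$1/srv.key" -out "$1/srv.csr" \
        -subj "/CN=undercloud.example" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca2.crt" -CAkey "$1/ca2.key" \
        -CAcreateserial -out "$1/srv.crt" -days 90 2>/dev/null
    cat "$1/srv.crt" "$1/ca1.crt" > "$1/stale-bundle.pem"   # what the renewal script builds
    cat "$1/srv.crt" "$1/ca2.crt" > "$1/fresh-bundle.pem"   # what it should build
}

demo() {
    d="$(mktemp -d)"; make_scenario "$d"
    for b in stale-bundle fresh-bundle; do
        if bundle_self_consistent "$d/$b.pem"; then echo "$b: ok"; else echo "$b: BROKEN"; fi
    done
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the script with `--demo` to see the stale bundle reported as broken and the fresh one as ok; `openssl` must be on the PATH.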
affects: tripleo → puppet-tripleo
Changed in puppet-tripleo:
assignee: nobody → David Sedgmen (dsedgmen)
Changed in tripleo:
assignee: nobody → David Sedgmen (dsedgmen)
Changed in puppet-tripleo:
status: New → Fix Released
Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/872836