Dynamic ssl improvements

[ElvinEfendi]

What this PR does / why we need it:

In #3990 I was fixing the issue described in #3983 by making sure default certificate is being saved on disk. While this fixes the particular issue but it is not a good solution because for catch all ingress requests first Lua SSL handler will be called but it won't be able to do the handshake because the default certificate for catch all server is stored with key _ however request SSL server name can be anything. It'll fallback using the Nginx's default SSL handler with the cert configured on filesystem.

A better solution is to teach Lua SSL handler to properly handle default certificate and catch all ingress. And also dynamically handle default certificate. This is what the PR does:

1. Make sure controller properly sets PemFileName and PemSHA for fake cert, default cert and as well as custom cert for a given ingerss. And properly here means always set those two fields to what we have in fake cert when dynamic cert mode is enabled.

2. Change Lua SSL handler to fallback to fetching certificate using _ when there's no cert could be obtained using SNI name.

That means in dynamic mode every server block will always have only fake certificate configured in Nginx. The Lua side will handle all the other certs.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

[aledbf]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aledbf, ElvinEfendi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ElvinEfendi,aledbf]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment