Adding a hint when the APP CR installation fails due to ca cert error

[rohitagg2020]

What this PR does / why we need it:

Adding a hint when the APP CR installation fails due to ca certificate not present in kapp controller

Which issue(s) this PR fixes:

With this change, app status will look like this whenever there is an error because kapp controller not able to fetch because of ca cert error:

$ kubectl get app/test-https -oyaml -n kapp-controller
apiVersion: kappctrl.k14s.io/v1alpha1
kind: App
metadata:
  annotations:
    kapp.k14s.io/change-group: kappctrl-e2e.k14s.io/apps
    kapp.k14s.io/identity: v1;kapp-controller/kappctrl.k14s.io/App/test-https;kappctrl.k14s.io/v1alpha1
    creationTimestamp: "2023-10-10T17:54:17Z"
  generation: 1
  labels:
    kapp.k14s.io/app: "1696960456655542000"
    kapp.k14s.io/association: v1.6c8820c760920aa56c616f481c6e3a4f
  name: test-https
  namespace: kapp-controller
  resourceVersion: "151557"
  uid: 941ac597-2379-4be5-ba88-e2afe9d0fa7b
spec:
  deploy:
  - kapp:
      inspect: {}
      intoNs: kapp-controller
  fetch:
  - http:
      url: https://https-svc.https-server.svc.cluster.local:443/deployment.yml
  serviceAccountName: kappctrl-e2e-ns-sa
  template:
  - ytt: {}
status:
  conditions:
  - message: 'Fetching resources: Error (see .status.usefulErrorMessage for details)'
    status: "True"
    type: ReconcileFailed
  consecutiveReconcileFailures: 5
  fetch:
    error: 'Fetching resources: Error (see .status.usefulErrorMessage for details)'
    exitCode: 1
    startedAt: "2023-10-10T17:54:49Z"
    stderr: |-
      vendir: Error: Syncing directory '0':
        Syncing directory '.' with HTTP contents:
          Downloading URL:
            Initiating URL download:
              Get "https://https-svc.https-server.svc.cluster.local:443/deployment.yml": tls: failed to verify certificate: x509: certificate signed by unknown authority
      (hint: The CA Certificate from URL is unknown/invalid. Add valid CA certificate to the kapp-controller configuration to reconcile successfully)
    updatedAt: "2023-10-10T17:54:49Z"
  friendlyDescription: 'Reconcile failed: Fetching resources: Error (see .status.usefulErrorMessage
    for details)'
  observedGeneration: 1
  usefulErrorMessage: |-
    vendir: Error: Syncing directory '0':
      Syncing directory '.' with HTTP contents:
        Downloading URL:
          Initiating URL download:
            Get "https://https-svc.https-server.svc.cluster.local:443/deployment.yml": tls: failed to verify certificate: x509: certificate signed by unknown authority
    (hint: The CA Certificate from URL is unknown/invalid. Add valid CA certificate to the kapp-controller configuration to reconcile successfully)

Fixes #

Does this PR introduce a user-facing change?

Additional Notes for your reviewer:

Review Checklist:

• Follows the developer guidelines
• Relevant tests are added or updated
• Relevant docs in this repo added or updated
• Relevant carvel.dev docs added or updated in a separate PR and there's
  a link to that PR
• Code is at least as readable and maintainable as it was before this
  change

Additional documentation e.g., Proposal, usage docs, etc.:

[neil-hickey]

LGTM