fix/homogenize external service TLS Secret management

This is a follow up to !1577 (comment 2240386949) in which I realized the following: for some units e.g Neuvector, there is both a Certificate defined via neuvector-init (here) and one defined via tls-components/tls-certificate (here) ... both Certificate will define the neuvector-tls Secret which is unclean and possibly create issues/conflicts/instability

/cc @samuelbartel @pseite