sylva-ca.crt secret not always copied in keycloak namespace

Summary

The secret sylva-ca.crt is not always copied in ns keycloak, actually only when unit keycloak-add-truststore is enabled

However this secret is required to enable TLS verification when configuring JWTOIDCAuthEngineConfig in unit vault-oidc