docs: add SAN extension to secure ingress certificate generation commands

[Ahmedaltu]

Fixes #11675

What this PR does

Adds the -extfile flag with a Subject Alternative Name (SAN) extension
to all openssl x509 certificate signing commands in the secure ingress
documentation, and adds a note explaining the browser compatibility requirement.

Why

Since Chrome 58, browsers require certificates to have the domain name in
the Subject Alternative Name (SAN) extension, not just the Common Name (CN)
field. The current commands generate certificates without a SAN, which causes:

• ERR_CERT_COMMON_NAME_INVALID in Chrome
• Subject Alternative Name Missing error

This issue has been open since August 2022 (#11675).

Changes

1. Added -extfile <(printf "subjectAltName=DNS:<domain>") to 4 certificate
   signing commands:

   • httpbin.example.com (example_certs1)
   • httpbin.example.com (example_certs2)
   • helloworld.example.com
   • client.example.com

2. Added a tip note explaining that the certificates are for testing only,
   require SAN for modern browsers, and will not be automatically trusted.

Type of change

• Documentation fix

[istio-testing]

Hi @Ahmedaltu. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.