extended ingress domain and TLS secret checks

[bergerx]

Push #199 further with these stretch goals for ingress checks:

• the cert in the secret is not self-signed and must match the host
• another ingress using the same host+port (may be hard to catch since regex can be used, and there can be many ingresses in the clusters, checking ingresses just in the same namespace may get most operators catch most instances)
• verify the domain and cert by checking the host+path (this may be misleading for cases where operators are using VPN or have ingresses has IP restriction)

[bergerx]

I just came across a go implementation that reads Kubernetes secrets and checks the certs inside them:
https://github.com/joe-elliott/cert-exporter/blob/master/src/checkers/periodicSecretChecker.go

It collects/renders this type of information from secrets:

cert_exporter_secret_expires_in_seconds{cn="*....",issuer="R3",key_name="tls.crt",secret_name="default-wildcard-certificate",secret_namespace="cert-manager"} 1.779639553384244e+06
cert_exporter_secret_expires_in_seconds{cn="ISRG Root X1",issuer="DST Root CA X3",key_name="tls.crt",secret_name="default-wildcard-certificate",secret_namespace="cert-manager"} 9.167674855310184e+07
cert_exporter_secret_expires_in_seconds{cn="R3",issuer="ISRG Root X1",key_name="tls.crt",secret_name="default-wildcard-certificate",secret_namespace="cert-manager"} 1.2190870555324073e+08