Enabling audit logs fails during patch operation

[akgalwas]

Description

KIM doesn't correctly handle a scenario with enabling audit logs for a runtime that previously had audit logs disabled.

Steps to reproduce

1. Create a Runtime CR for a region that doesn't have audit log configuration. Make sure KIM has auditlogmandatory parameter set to false.
2. Wait until the shoot is reconciled. Confirm the audit log extension is not included in spec.extensions
3. Provide missing audit log configuration for the Runtime's region.
4. Modify any property to cause reconciliation.
5. Notice the Runtime has Failed status. The error message is Gardener API shoot patch error: admission webhook "validator.shoot-auditlog-admission.extensions.gardener.cloud" denied the request: missing or invalid referenced resource: auditlog-credentials

Expected result

KIM should enable audit logs in all cases no matter what is current state of the shoot.

Actual result

Enabling audit logs for a runtime with audit logs disabled fails.