When internal_tls is true, step1 runs the linux-system-roles.certificate
which is able to produce the ceph_rgw.pem file [1].
When this info is available, we need to make sure that cephadm is able
to process it using the spec, and it's included in the deployed rgw(s)
instances.
If the rgw_frontend_ssl_certificate is empty, then this key can be
ignored (this means tls is not enabled). The ceph_spec module is now
able to filter and drop empty keys if the value is not provided when
the spec dict is built.
[1] https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/cephadm/ceph-rgw.yaml#L169
Change-Id: I22b93cc1057b5894e2c8342c578a3b8080b542ae