Admin endpoint cert upgrade will be handeled by manifest, so data
migration is no longer needed in subcloud.
On N+1 side, admin endpoint cert secret (key/cert) will be pulled
directly from k8s resource for manifest to generate endpoint cert
on first host unlock.
Only need to update SAN of admin endpoint cert.
Signed-off-by: Bin Qian <firstname.lastname@example.org>