fix: use certificate fingerprints to deduplicate TLS certs

[nitishfy]

The existing argocd cert add-tls command had two key issues with handling TLS certificates:

1. Previously, the command rejected certificates with the same subject, even if the actual certificate data was different (e.g., renewed or rotated certificates). This caused valid certificates to be incorrectly skipped, preventing users from storing multiple valid TLS certs for the same server.

2. The command displayed the number of RepositoryCertificate items returned by the API as the number of certificates added. Since the API returns a single object per server regardless of how many PEM blocks are included, the message could misleadingly indicate 0 certificates were stored, confusing users.

After

> argocd cert add-tls repo.example.com --from duplicate.pem
Reading TLS certificate data in PEM format from 'duplicate.pem'
WARNING: Duplicate certificate detected (SHA256 fingerprint 25734613d11c3b40f1772cf8d01536b198a77dad2877f7350984a8859545e68b, subject 'CN=repo.example.com'), skipping.
Created entry with 1 PEM certificates for repository server repo.example.com

❯ argocd cert rm repo.example.com
Removed cert for 'repo.example.com' of type 'https' (subtype '')

❯argocd cert add-tls repo.example.com --from same-subject.pem
Reading TLS certificate data in PEM format from 'same-subject.pem'
Created entry with 2 PEM certificates for repository server repo.example.com

❯ argocd cert list | grep repo.example.com
repo.example.com         https  rsa                  CN=repo.example.com
repo.example.com         https  rsa                  CN=repo.example.com

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Title of the PR
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

✅ Preview Environment deployed on Bunnyshell

Component	Endpoints
argocd	https://argocd-m2gmcw.bunnyenv.com/
argocd-ttyd	https://argocd-web-cli-m2gmcw.bunnyenv.com/

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

• 🔴 /bns:stop to stop the environment
• 🚀 /bns:deploy to redeploy the environment
• ❌ /bns:delete to remove the environment

[chansuke]

This is just a question. Using cert.Raw treats certificate renewals with the same public key as distinct certificates. Is this intentional?