Automatic merge from submit-queue (batch tested with PRs 46210, 48607, 46874, 46598, 49240)
kubeadm: Make the hostPath volume mount code more secure
**What this PR does / why we need it**:
- Refactors the hostpath volume mounting code for the Static Pods
- Splits out the functionality that was in a big function to something testable
- Unit test a lot
- Adds support for mounting external etcd CA/cert/key files in an other path than `/etc/ssl/certs`. Before this you **had** to have your files in there or the apiserver would crashloop
- Significantly improves comment coverage
- Now only mounts the bare essentials instead of nearly everything. For example, don't mount full `/etc/kubernetes` when the only thing you need is `/etc/kubernetes/scheduler.conf`
- Make everything but the etcd datadir read-only for components.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes: https://github.com/kubernetes/kubeadm/issues/341
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
cc @kubernetes/sig-cluster-lifecycle-pr-reviews
75b3a0f3de