gardener / gardener

Homogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes.

Home Page:https://gardener.cloud

Store `Shoot` cluster CA bundle as `ConfigMap`

petersutter opened this issue

How to categorize this issue?

/area usability
/area security
/kind enhancement

What would you like to be added:
The `Shoot` cluster CA bundle should be stored as a `ConfigMap` so that it can be read by users with the viewer Project role. The CA bundle is not sensitive data, hence it doesn't need to be stored as a `Secret`.

Why is this needed:
Gardener stores a `Secret` with the name `<shoot-name>.ca-cluster` in the project namespace in the garden cluster. This `Secret` contains the CA bundle of the cluster. The dashboard and gardenctl generate a gardenlogin kubeconfig by reading the CA data from the `Secret` and mapping it to the `certificate-authority-data` field.

Gardenlogin will soon also support the `shoot/viewerkubeconfig` subresource (#78), which enables users with the viewer role to have read-only access to a cluster. However, users with the viewer role using gardenctl or the dashboard do not have the permission to read this `Secret`.

A potential workaround for generating the gardenlogin kubeconfig could involve calling the subresource `shoot/adminkubeconfig` or `shoot/viewerkubeconfig` solely for the `certificate-authority-data` field and discarding the rest. However, this approach might lead to unnecessary audit events.

/assign
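The following Go program is an added example, not Gardener's, gardenctl's or the dashboard's own code. It shows the mapping the issue describes: a CA bundle read from the garden cluster is placed into the kubeconfig's `certificate-authority-data` field, with a validation step in front of it so that only CA certificates, and never key material, would be published in a `ConfigMap` that every project viewer can read. The cluster name, the API server URL and the self-signed CA are constructed for the example; the kubeconfig's `user` entry is left empty because the gardenlogin exec-plugin settings are not described in this issue, and the bundle is generated in-process instead of being read from the garden cluster so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ValidateCABundle accepts only PEM data made up of CA certificates; a key block,
// a non-CA certificate or an empty value is rejected before anything is published.
func ValidateCABundle(data []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("refusing PEM block of type %q in CA bundle", block.Type)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("invalid certificate in CA bundle: %w", err)
		}
		if !cert.IsCA {
			return nil, fmt.Errorf("certificate %q is not a CA", cert.Subject.CommonName)
		}
		certs = append(certs, cert)
	}
	if len(certs) == 0 {
		return nil, fmt.Errorf("CA bundle contains no certificates")
	}
	return certs, nil
}

// BuildKubeconfig maps a validated bundle to certificate-authority-data, the field the
// dashboard and gardenctl fill from the .ca-cluster Secret today. JSON is emitted because
// every JSON document is valid YAML; the user entry is a placeholder (exec plugin out of scope).
func BuildKubeconfig(clusterName, server string, caBundle []byte) ([]byte, error) {
	if _, err := ValidateCABundle(caBundle); err != nil {
		return nil, err
	}
	cfg := map[string]interface{}{
		"apiVersion":      "v1",
		"kind":            "Config",
		"current-context": clusterName,
		"clusters": []map[string]interface{}{{
			"name": clusterName,
			"cluster": map[string]string{
				"server":                     server,
				"certificate-authority-data": base64.StdEncoding.EncodeToString(caBundle),
			},
		}},
		"contexts": []map[string]interface{}{{
			"name":    clusterName,
			"context": map[string]string{"cluster": clusterName, "user": clusterName},
		}},
		"users": []map[string]interface{}{{"name": clusterName, "user": map[string]string{}}},
	}
	return json.MarshalIndent(cfg, "", "  ")
}

// NewSelfSignedCA returns a throwaway CA certificate as PEM: constructed test data
// standing in for a shoot cluster CA (the private key is discarded on purpose).
func NewSelfSignedCA(commonName string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: commonName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	caPEM, err := NewSelfSignedCA("constructed-shoot-ca")
	if err != nil {
		panic(err)
	}
	out, err := BuildKubeconfig("shoot--myproject--myshoot", "https://api.example.invalid", caPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(out))
}
```

In a real client the `caBundle` argument would come from the garden cluster (today the `<shoot-name>.ca-cluster` `Secret`, after this change a `ConfigMap` in the project namespace) via client-go rather than from `NewSelfSignedCA`. The validation step is the part worth keeping either way: it is the check that turns "the CA bundle is not sensitive" from an assumption into something enforced at the point where the value is written to a world-readable object.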