fix(helm): update chart cert-manager to v1.13.3 (#3842)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | patch
| `v1.13.2` -> `v1.13.3` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.3`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.3)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.2...v1.13.3)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

> ⚠️ Read about the [**breaking changes in cert-manager
1.13**](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)
before you upgrade from a < v1.13 version!

This patch release contains fixes for the following security
vulnerabilities in the cert-manager-controller:

- [`GO-2023-2334`](https://pkg.go.dev/vuln/GO-2023-2334): Decryption of
malicious PBES2 JWE objects can consume unbounded system resources.

If you use [ArtifactHub Security
report](https://artifacthub.io/packages/helm/cert-manager/cert-manager/1.13.2?modal=security-report)
or [trivy](https://trivy.dev/), this patch will also silence the
following warning about a vulnerability in code which is imported but
**not used** by the cert-manager-controller:

-
[`CVE-2023-47108`](https://access.redhat.com/security/cve/CVE-2023-47108):
DoS vulnerability in `otelgrpc` due to unbound cardinality metrics.

An ongoing security audit of cert-manager suggested some changes to the
webhook code to mitigate DoS attacks, and these are included in this
patch release.

##### Changes

##### Bug or Regression

- The webhook server now returns HTTP error 413 (Content Too Large) for
requests with body size `>= 3MiB`. This is to mitigate DoS attacks that
attempt to crash the webhook process by sending large requests that
exceed the available memory.
([#&#8203;6507](https://togithub.com/cert-manager/cert-manager/pull/6507),
[@&#8203;inteon](https://togithub.com/inteon))
- The webhook server now returns HTTP error 400 (Bad Request) if the
request contains an empty body.
([#&#8203;6507](https://togithub.com/cert-manager/cert-manager/pull/6507),
[@&#8203;inteon](https://togithub.com/inteon))
- The webhook server now returns HTTP error 500 (Internal Server Error)
rather than crashing, if the code panics while handling a request.
([#&#8203;6507](https://togithub.com/cert-manager/cert-manager/pull/6507),
[@&#8203;inteon](https://togithub.com/inteon))
- Mitigate potential "Slowloris" attacks by setting `ReadHeaderTimeout`
in all `http.Server` instances.
([#&#8203;6538](https://togithub.com/cert-manager/cert-manager/pull/6538),
[@&#8203;wallrj](https://togithub.com/wallrj))
- Upgrade Go modules: `otel`, `docker`, and `jose` to fix CVE alerts.
See GHSA-8pgv-569h-w5rw,
GHSA-jq35-85cj-fj4p, and
GHSA-2c7c-3mj9-8fqh.
([#&#8203;6514](https://togithub.com/cert-manager/cert-manager/pull/6514),
[@&#8203;inteon](https://togithub.com/inteon))

##### Dependencies

##### Added

*Nothing has changed.*

##### Changed

-   `cloud.google.com/go/firestore`: `v1.11.0 → v1.12.0`
-   `cloud.google.com/go`: `v0.110.6 → v0.110.7`
- `github.com/felixge/httpsnoop`: [`v1.0.3 →
v1.0.4`](https://togithub.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4)
- `github.com/go-jose/go-jose/v3`: [`v3.0.0 →
v3.0.1`](https://togithub.com/go-jose/go-jose/v3/compare/v3.0.0...v3.0.1)
- `github.com/go-logr/logr`: [`v1.2.4 →
v1.3.0`](https://togithub.com/go-logr/logr/compare/v1.2.4...v1.3.0)
- `github.com/golang/glog`: [`v1.1.0 →
v1.1.2`](https://togithub.com/golang/glog/compare/v1.1.0...v1.1.2)
- `github.com/google/go-cmp`: [`v0.5.9 →
v0.6.0`](https://togithub.com/google/go-cmp/compare/v0.5.9...v0.6.0)
-
`go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`:
`v0.45.0 → v0.46.0`
- `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`:
`v0.44.0 → v0.46.0`
- `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`:
`v1.19.0 → v1.20.0`
- `go.opentelemetry.io/otel/exporters/otlp/otlptrace`: `v1.19.0 →
v1.20.0`
-   `go.opentelemetry.io/otel/metric`: `v1.19.0 → v1.20.0`
-   `go.opentelemetry.io/otel/sdk`: `v1.19.0 → v1.20.0`
-   `go.opentelemetry.io/otel/trace`: `v1.19.0 → v1.20.0`
-   `go.opentelemetry.io/otel`: `v1.19.0 → v1.20.0`
-   `go.uber.org/goleak`: `v1.2.1 → v1.3.0`
-   `golang.org/x/sys`: `v0.13.0 → v0.14.0`
-   `google.golang.org/genproto/googleapis/api`: `f966b18 → b8732ec`
-   `google.golang.org/genproto`: `f966b18 → b8732ec`
-   `google.golang.org/grpc`: `v1.58.3 → v1.59.0`

##### Removed

*Nothing has changed.*

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEwMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>

kubernetes/cobra/apps/cert-manager/cert-manager/app/helmrelease.yaml

@@ -10,7 +10,7 @@ spec:
   chart:
     spec:
       chart: cert-manager
-      version: v1.13.2
+      version: v1.13.3
       sourceRef:
         kind: HelmRepository
         name: jetstack