How to add trusted root certificate authority (CA) certificates during cluster deployment

We need to be able to add our man-in-the-middle and internal signing root/intermediate CA certificates to be included in all provisioned nodes - control plane and workers.

We are using cluster api (clusterctl) to build the clusters. Hacking them manually will not work at scale.

There are no answers to the similar questions asked going back to April

Cluster information:

Kubernetes version: current
Cloud being used: bare-metal
Installation method: clusterctl with MaaS driver
Host OS: Linux
CNI and version: cilium (lastest)
CRI and version: