Add e2e-aws-ovn-pq-tls-verify periodic test for 4.21

Add weekly periodic test to verify post-quantum cryptography TLS support
for all control plane components in OpenShift 4.21.

The test runs on AWS and verifies that kube-apiserver, etcd, kube-scheduler,
and kube-controller-manager negotiate X25519MLKEM768 as the TLS1.3 group.

Test details:
- Job name: periodic-ci-openshift-release-master-ci-4.21-e2e-aws-ovn-pq-tls-verify
- Runs weekly (interval: 168h)
- Uses AWS cluster profile (aws-2)
- Test ref: openshift-e2e-test-qe-pq-tls-verify

Author: kaleemsiddiqu

ci-operator/config/openshift/release/openshift-release-master__ci-4.21.yaml

@@ -393,6 +393,22 @@ tests:
       enable:
       - observers-resource-watch
     workflow: openshift-upgrade-vsphere-runc
+- as: e2e-aws-ovn-pq-tls-verify
+  interval: 168h
+  steps:
+    cluster_profile: aws-2
+    observers:
+      enable:
+      - observers-resource-watch
+    post:
+    - chain: gather-core-dump
+    - chain: ipi-deprovision
+    pre:
+    - chain: ipi-conf-aws
+    - ref: ovn-conf
+    - chain: ipi-install
+    test:
+    - ref: openshift-e2e-test-qe-pq-tls-verify
 zz_generated_metadata:
   branch: master
   org: openshift

ci-operator/jobs/openshift/release/openshift-release-master-periodics.yaml

@@ -40736,6 +40736,82 @@ periodics:
     - name: result-aggregator
       secret:
         secretName: result-aggregator
+- agent: kubernetes
+  cluster: build11
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: master
+    org: openshift
+    repo: release
+  interval: 168h
+  labels:
+    ci-operator.openshift.io/cloud: aws
+    ci-operator.openshift.io/cloud-cluster-profile: aws-2
+    ci-operator.openshift.io/variant: ci-4.21
+    ci.openshift.io/generator: prowgen
+    ci.openshift.io/no-builds: "true"
+    job-release: "4.21"
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-release-master-ci-4.21-e2e-aws-ovn-pq-tls-verify
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --lease-server-credentials-file=/etc/boskos/credentials
+      - --report-credentials-file=/etc/report/credentials
+      - --secret-dir=/secrets/ci-pull-credentials
+      - --target=e2e-aws-ovn-pq-tls-verify
+      - --variant=ci-4.21
+      command:
+      - ci-operator
+      image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /etc/boskos
+        name: boskos
+        readOnly: true
+      - mountPath: /secrets/ci-pull-credentials
+        name: ci-pull-credentials
+        readOnly: true
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: boskos
+      secret:
+        items:
+        - key: credentials
+          path: credentials
+        secretName: boskos-credentials
+    - name: ci-pull-credentials
+      secret:
+        secretName: ci-pull-credentials
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator
 - agent: kubernetes
   cluster: build11
   decorate: true