update cert-manager language with reflector

Author: sjberman

docs/proposals/control-data-plane-split/README.md

@@ -151,7 +151,7 @@ names and mount path configurable via flags. For production, we will direct the
 For development and testing purposes, we will provide a self-signed default certificate. In order to be secure by
 default, NGF should generate the default certificates and keypair during installation using a Kubernetes Job.
 
-Using cert-manager may also be an easy option to reduce the burden of installing and rotating Secrets. A user would need to install this before NGF, and ensure they create agent Secrets before deploying their Gateway resource. We could also tie the NGF control plane directly into cert-manager so that our control plane could create the agent Secrets for the user when they create a Gateway resource, further reducing the burden on the user.
+Cert-manager is probably the easiest way for a user to manage certs for this. [Reflector](https://github.com/emberstack/kubernetes-reflector) is a tool that can be used to sync Secrets across namespaces, so that all agents receive the certificate updates for the initial Secret created by cert-manager.
 
 #### Certificate Rotation