Now that #2163 has merged, the way in which the proxy-injector's MutatingWebhookConfig is provisioned is much simpler. It now works as follows:

• linkerd install --proxy-auto-inject emits the config for the proxy-injector pod
• Once the proxy-injector pod starts, it creates a new CA bundle in memory
• It then calls the Kubernetes API to create or update the MWC, which contains the CA bundle

This means that our install YAML does not include the MWC itself, since it's created programmatically after the proxy-injector pod starts. Ideally, however, the install YAML would include all objects that are actually installed, including the MWC. But this would require the CLI to create the bundle at install time and provide it as a secret to the linkerd-proxy-injector pod.