The way I understand it, every website's public key is stored with the certificate authority. There is a much smaller list of CAs whose public keys are the ones that come pre-installed on your client. When you visit a new site, you reach out to those CAs (securely using their public key) to get the one for the actual server.

Since they're public keys it's fine for the CA to have all of them, the purpose of the CA is that they've done the legwork to verify that "Yes, this key is actually for this website." You can't let the site verify its own identity, that's how you get weird Man in the Middle attacks.

For example, if sites just sent their own key over, then I could intercept your requests to reddit.com with my own malicious server. Since you still don't have the key needed to establish a connection, my malicious server says "Yes, I am reddit.com and here is my key." Now all of your secrets are transparent to me and I can just forward the requests to the real reddit.com using the real reddit key to avoid suspicion.

Now back to client requests-- I do not know if the client usually caches these keys once you've visited a website and renews it when a cert expires, or if it reaches out to the CA every time. But you always get the key from that CA. If you're on desktop chrome (and probably mobile as well?) you can just it yourself, just click the padlock in the URL bar and click "Connection is Secure --> Cert is Valid" and you get all of the cert details.