Add client certificate (mTLS) support to Configuration

[binajmen]

Some HTTP APIs require mutual TLS (mTLS) for authentication, where the client presents a certificate and private key during the TLS handshake. This is the equivalent of curl's --cert and --key flags:

$ curl -X GET https://api.example.com/resource \
  --cert certificate.pem \
  --key private_key.pem

Currently, Configuration only exposes verify_tls, timeout, and follow_redirects. There is no way to pass a client certificate and key to the underlying Erlang ssl module.

One approach would be individual builder functions on Configuration, consistent with the existing style:

httpc.configure()
|> httpc.client_certificate(certfile: "certificate.pem", keyfile: "private_key.pem")
|> httpc.dispatch(request)

Would you consider this as a valid feature request?

[masavik]

Similarly, I would also want to do the following...

curl \
        --cacert <(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d) \
        --cert   <(kubectl config view --raw -o jsonpath='{.users[0].user.client-certificate-data}' | base64 -d) \
        --key    <(kubectl config view --raw -o jsonpath='{.users[0].user.client-key-data}' | base64 -d) \
        https://192.168.0.200:6443/api/v1/nodes

[binajmen]

Similarly, I would also want to do the following...

curl
--cacert <(kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d)
--cert <(kubectl config view --raw -o jsonpath='{.users[0].user.client-certificate-data}' | base64 -d)
--key <(kubectl config view --raw -o jsonpath='{.users[0].user.client-key-data}' | base64 -d)
https://192.168.0.200:6443/api/v1/nodes

I'm not sure about the status of #36, but we could certainly try to tackle both needs together I guess?