Add ability to disable client cert validation for Kestrel

[HaoK]

As discussed in #9756 would be useful for Cert Auth.

[analogrelay]

All we need to do here is add a top-level option or extension method to Kestrel options to say AllowAnyClientCert. Some docs may need to be updated.

[analogrelay]

This would be great for a new contributor!

[bcisnero]

So I'm reviewing this and if I understand correctly the change is to give the option to the developer to use or not certificates? Or is it to give the capability to pass an specific certificate for Kestrel to use?

[analogrelay]

This is about client certificates and is just a simplification. We already have HttpsConnectionAdaptorOptions.ClientCertificateValidation which gives you the ability to provide a function to validate the client certificate. All we're looking at here is to add a second bool option (AllowAnyClientCertificate) that, if set, has the same behavior as if you set that function to (_) => true (i.e. always allow any cert through Kestrel).

The idea being that the Client Certificate Auth handler will do the validation.

[bcisnero]

Ok, I think I understand

[analogrelay]

Are you asking because you're interested in a PR @bcisnero ? We're probably actually going to get this done ourselves now because we want to land this preview 7

[bcisnero]

Yeah, that was my intention but still having trouble understanding the whole flow of this but I'll be very interested in seeing the solution so I can understand better all this and be able to contribute in the future,

[analogrelay]

Ok, no problem! Just checking before we went ahead and did it :).