Add ability to disable client cert validation for Kestrel

[HaoK]

As discussed in #9756 would be useful for Cert Auth.

[analogrelay]

All we need to do here is add a top-level option or extension method to Kestrel options to say AllowAnyClientCert. Some docs may need to be updated.

[analogrelay]

This would be great for a new contributor!

[bcisnero]

So I'm reviewing this and if I understand correctly the change is to give the option to the developer to use or not certificates? Or is it to give the capability to pass an specific certificate for Kestrel to use?

[analogrelay]

This is about client certificates and is just a simplification. We already have HttpsConnectionAdaptorOptions.ClientCertificateValidation which gives you the ability to provide a function to validate the client certificate. All we're looking at here is to add a second bool option (AllowAnyClientCertificate) that, if set, has the same behavior as if you set that function to (_) => true (i.e. always allow any cert through Kestrel).

The idea being that the Client Certificate Auth handler will do the validation.

[bcisnero]

Ok, I think I understand