
Conversation

Pallavikumarimdb

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

This PR introduces a clearer separation between the mTLS client certificate/key and the CA certificate for the Newt service. The previous implementation used a single certificate path for both client authentication and CA verification. This change introduces the following:

  • --tls-client-cert-file: Path to the client certificate used for mTLS
  • --tls-client-key: Path to the private key associated with the client certificate
  • --tls-client-ca: Path to the CA certificate used to verify the server

Changes made:

  • Added three new CLI flags for TLS client certificate, key, and CA.
  • Ensured backward compatibility by not removing any existing functionality.

How to test?

Testing:

  • Local Docker environment used to simulate mTLS using generated client.key, client.crt, and ca.crt.
  • Verified failure when invalid paths are passed and success with correct certs.
  • Confirmed mutual TLS handshake is successful with valid certs.

Closes #54
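
As an added, stand-alone illustration (not code from this PR or from the Newt project) of why the CA file must be distinct from the client certificate file, the Go program below issues a throwaway CA, server certificate and client certificate in memory, then runs three mTLS handshakes against a local listener: client cert plus the separate CA (what the three new flags express), the client cert reused as the trust root (the old single-path setup), and no client cert at all. The names `test-ca`, `newt-client`, `issue`, `handshake`, `Scenarios` and the local port are this example's own assumptions; it does not touch Newt's real flag parsing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// keyPair stands in for the files the new flags point at; nothing here touches disk.
type keyPair struct {
	cert *x509.Certificate
	der  []byte
	key  *ecdsa.PrivateKey
}

// must panics on setup errors so the scenario code stays readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints a self-signed CA (parent nil) or a leaf signed by parent with usage eku.
func issue(cn string, parent *keyPair, eku x509.ExtKeyUsage) *keyPair {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)},
	}
	if parent == nil { // root: sign with its own key
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent = &keyPair{cert: tmpl, key: key}
	} else {
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{eku}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent.cert, &key.PublicKey, parent.key))
	return &keyPair{cert: must(x509.ParseCertificate(der)), der: der, key: key}
}

func pool(p *keyPair) *x509.CertPool {
	cp := x509.NewCertPool()
	cp.AddCert(p.cert)
	return cp
}

// handshake connects to a local server that requires a client cert chaining to ca.
// The client presents clientCert (nil = none) and verifies the server against trustRoot.
// The server sends a byte only after accepting the client cert, so nil means both sides agreed.
func handshake(ca, server, clientCert, trustRoot *keyPair) error {
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{server.der}, PrivateKey: server.key}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool(ca),
	}))
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			if c.(*tls.Conn).Handshake() == nil {
				c.Write([]byte{1})
			}
			c.Close()
		}
	}()
	cfg := &tls.Config{RootCAs: pool(trustRoot)}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{clientCert.der}, PrivateKey: clientCert.key}}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return err // the server cert does not chain to trustRoot
	}
	defer conn.Close()
	// TLS 1.3: the server's verdict on the client cert arrives after Dial returns; it surfaces on the first Read.
	_, err = conn.Read(make([]byte, 1))
	return err
}

// Scenarios returns the client-side outcome of: client cert + separate CA (the new flags),
// the client cert reused as trust root (the old single-path setup), and no client cert.
func Scenarios() (separate, leafAsCA, noClient error) {
	ca := issue("test-ca", nil, 0)
	server := issue("127.0.0.1", ca, x509.ExtKeyUsageServerAuth)
	client := issue("newt-client", ca, x509.ExtKeyUsageClientAuth)
	return handshake(ca, server, client, ca), handshake(ca, server, client, client), handshake(ca, server, nil, ca)
}

func main() { fmt.Println(Scenarios()) }
```

Only the first handshake returns nil. The second fails on the client side because the server certificate does not chain to the client leaf that was handed over as the trust root, which is exactly what a single shared path would have produced. The third is rejected by the server, which requires and verifies a client certificate. One caveat when scripting the "verified failure with invalid certs" check from the testing notes: under TLS 1.3 a missing or rejected client certificate is reported on the first read after Dial, not by Dial itself.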

@Pallavikumarimdb
Author

Hi @oschwartz10612, please review and let me know if any changes are needed.

Development

Successfully merging this pull request may close these issues.

Split mTLS client and CA certificates
1 participant