mTLS certificates are often used for both the client and server sides. What's a use case where the extra serverAuth usage is a problem rather than just superfluous?

If you're using mkcert for test certificates, you can unintentionally write code that is only validating the client certificate against Server usage, and looks correct until faced with real world client-only certs. This is the scenario I encountered.

I'm not sure I've directly seen any client certs also marked for server usage, but you are correct; that probably happens in mTLS services that aren't on the edge of a system. Maybe it's best to have additional control over both usages. The least surprising behavior would probably be:

• if no usage flags passed, default to server
• if usage flags are set, only set the ones present. eg, current behavior would require --client and --server

The real issue is that server certs should set client usage too, to match LetsEncrypt (and most other CAs ?)