Authc/z: Enable grpc_client_config to allow mTLS

[sokoide]

What this PR does / why we need it:
Loki can be protected by mTLS. However, if you configure grpc_tls_config, internal grpc clients (e.g. distributor/querier to ingester) fails to connect because the client cert option is not supported.
The fix allows it.

Which issue(s) this PR fixes:
Fixes #3252

Special notes for your reviewer:
This has been tested with the following Loki config.

server:
  http_listen_port: 13101
  grpc_listen_port: 18931
  log_level: debug
  http_tls_config:
    key_file: /path/to/key.pem
    cert_file: /path/to/cert.pem
    client_ca_file: /path/to/ca.pem
    client_auth_type: VerifyClientCertIfGiven
  grpc_tls_config:
    key_file: /path/to/key.pem
    cert_file: /path/to/cert.pem
    client_ca_file: /path/to/ca.pem
    client_auth_type: VerifyClientCertIfGiven

ingester_client:
  grpc_client_config:
    tls_enabled: true
    tls_cert_path: path/to/cert.pem
    tls_key_path:  path/to/key.pem
    tls_ca_path: path/to/ca.pem
...

Checklist

• Documentation added
• Tests updated

[CLAassistant]

All committers have signed the CLA.

[sandy2008]

LGTM!

[owen-d]

Hey, this is a great draft! Removing this explicit call to WithInsecure is definitely a good idea, as it's already conditionally applied in the configuration. I've also created an issue to track handling mTLS via grpc in a consistent way across our code base/configuration.

If you're ready, please unmark this as draft and I think we can merge it :) .

[owen-d]

LGTM once we remove this block.

It's handled in the configuration chain:
https://github.com/cortexproject/cortex/blob/master/pkg/util/grpcclient/grpcclient.go#L78
https://github.com/cortexproject/cortex/blob/master/pkg/util/tls/tls.go#L78