
Implement client certificate subject validation #60

Merged
merged 1 commit into from
Sep 1, 2020

Conversation

radekg
Contributor

@radekg radekg commented Aug 24, 2020

This PR implements client certificate subject validation. The DN fields selected for this initial version are somewhat arbitrary but most likely the most common. This allows configuring the proxy TLS to validate the client cert subject: the Kafka Proxy operator can require a specific subject to be present and to contain specific values.

I have opted for a flag per subject field, to avoid requiring the user to follow any arbitrary string format. Additionally, either all or none of the DN fields are explicitly required.

In a multi-tenant environment, the tenant has the ability to request certificates from a CA. The usual setup is:

Root CA -> Intermediate -> | -> Server certificate Tenant A
                           | -> Client certificate Tenant A
                           | -> Server certificate Tenant B
                           | -> Client certificate Tenant B

For security reasons, the CA operator does not allow tenants to issue an intermediate from the intermediate, as this would require that the second-stage intermediate allow certificate signing. With such a setup, the user of Client certificate Tenant B can connect to Server Tenant A. Being able to additionally validate the subject adds a layer of security at the TLS level.
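As an added example, not code from the kafka-proxy PR itself, the following Go program shows how the validation outlined above can be expressed as a `tls.Config` `VerifyPeerCertificate` hook: one required value per DN field, all-or-none enforcement at startup, and a leaf-subject comparison layered on top of the normal CA chain check, so that a Tenant B client certificate signed by the shared intermediate is rejected by Tenant A's listener. The `ExpectedSubject` struct, the function names, and the tenant subjects are assumptions constructed for this example; the real PR's flag names and code may differ.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// ExpectedSubject holds one required value per DN field (CN, O, OU, C, ST, L), mirroring the
// one-flag-per-field configuration described in the PR. Names and field set are assumptions.
type ExpectedSubject struct {
	CommonName, Organization, OrganizationalUnit, Country, Province, Locality string
}

// Validate enforces the all-or-none rule: a half-configured subject is rejected at startup
// instead of silently becoming a weaker check.
func (e ExpectedSubject) Validate() error {
	all := []string{e.CommonName, e.Organization, e.OrganizationalUnit, e.Country, e.Province, e.Locality}
	set := 0
	for _, v := range all {
		if v != "" {
			set++
		}
	}
	if set != 0 && set != len(all) {
		return fmt.Errorf("client subject validation: %d of %d DN fields set; set all or none", set, len(all))
	}
	return nil
}

// contains reports whether a (possibly multi-valued) DN attribute carries the required value.
func contains(values []string, want string) bool {
	for _, v := range values {
		if v == want {
			return true
		}
	}
	return false
}

// CheckSubject compares a certificate subject with the required DN, attribute by attribute.
func CheckSubject(want ExpectedSubject, s pkix.Name) error {
	attrs := []struct {
		name, want string
		got        []string
	}{
		{"CN", want.CommonName, []string{s.CommonName}},
		{"O", want.Organization, s.Organization},
		{"OU", want.OrganizationalUnit, s.OrganizationalUnit},
		{"C", want.Country, s.Country},
		{"ST", want.Province, s.Province},
		{"L", want.Locality, s.Locality},
	}
	for _, a := range attrs {
		if !contains(a.got, a.want) {
			return fmt.Errorf("client certificate %q rejected: %s does not match required value %q", s.String(), a.name, a.want)
		}
	}
	return nil
}

// SubjectVerifier builds a tls.Config.VerifyPeerCertificate callback. With RequireAndVerifyClientCert
// Go calls it only after the chain passed ClientCAs verification, so verifiedChains[0][0] is the
// client's already-trusted leaf certificate.
func SubjectVerifier(want ExpectedSubject) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, verifiedChains [][]*x509.Certificate) error {
		if len(verifiedChains) == 0 || len(verifiedChains[0]) == 0 {
			return fmt.Errorf("client subject validation: no verified certificate chain")
		}
		return CheckSubject(want, verifiedChains[0][0].Subject)
	}
}

// ServerTLSConfig wires the verifier into a listener config; an empty ExpectedSubject keeps
// plain chain validation only, as before the feature.
func ServerTLSConfig(clientCAs *x509.CertPool, want ExpectedSubject) (*tls.Config, error) {
	if err := want.Validate(); err != nil {
		return nil, err
	}
	cfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientCAs, MinVersion: tls.VersionTLS12}
	if want.CommonName != "" { // Validate guarantees all-or-none, so one field decides
		cfg.VerifyPeerCertificate = SubjectVerifier(want)
	}
	return cfg, nil
}

// Constructed subjects standing in for the two tenants' client certificates in the PR diagram.
var (
	tenantA  = pkix.Name{CommonName: "client.tenant-a", Organization: []string{"Tenant A"}, OrganizationalUnit: []string{"kafka"}, Country: []string{"PL"}, Province: []string{"MZ"}, Locality: []string{"Warsaw"}}
	tenantB  = pkix.Name{CommonName: "client.tenant-b", Organization: []string{"Tenant B"}, OrganizationalUnit: []string{"kafka"}, Country: []string{"PL"}, Province: []string{"MZ"}, Locality: []string{"Warsaw"}}
	requireA = ExpectedSubject{"client.tenant-a", "Tenant A", "kafka", "PL", "MZ", "Warsaw"}
)

func main() {
	verify := SubjectVerifier(requireA) // the proxy acts as Tenant A's server
	for _, leaf := range []pkix.Name{tenantA, tenantB} {
		chain := [][]*x509.Certificate{{&x509.Certificate{Subject: leaf}}}
		fmt.Printf("%s -> %v\n", leaf.CommonName, verify(nil, chain))
	}
}
```

Both certificates pass the CA chain check in the scenario above; only the subject comparison separates them, which is why the hook runs after chain verification rather than replacing it. Matching on the multi-valued attributes uses membership rather than equality so a certificate with an extra `OU` still matches the configured one.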

@radekg
Contributor Author

radekg commented Aug 26, 2020

Hi @everesio, do you think it would be possible to get some feedback on this feature?

@everesio
Contributor

everesio commented Sep 1, 2020

Thank you for your contribution, I will check it soon.

@everesio
Contributor

everesio commented Sep 1, 2020

PR looks good

@everesio everesio merged commit ae34407 into grepplabs:master Sep 1, 2020
@radekg radekg deleted the proxy-tls-client-subject branch September 2, 2020 12:14