Support obtaining client certificate for mTLS from HTTP header

[gerritlansing]

Describe the feature you'd like to add to nginx

Enable nginx to obtain the client certificate used for mTLS (ssl_verify_client) from a configurable HTTP header, where the client certificate chain is represented by a URL encoded PEM format.

Describe the problem this feature solves

Our application utilizes client certificate authentication, presently performed by nginx. We need to utilize an external Web Application Firewall, which is capable of providing a client certificate it receives as an HTTP header without verifying it.

Additional context

See: AWS ALB Documentation

[rcousens]

We have a use case for this feature too involving an ALB routing traffic to NGINX.

We want to use pass-through mode on the ALB so we can accept all traffic but only validate client certificates on some hosts at NGINX as traffic moves from the ALB to Kubernetes NGINX Ingress before ultimately hitting services.

[github-actions]

This issue has been automatically marked 'stale' because it has been inactive for 365 days.
If you feel this issue still needs addressing, please leave an (optional) comment and remove the 'stale' label, otherwise please close it if it is no longer valid. Thank you.