feat: As a user, I want to specify the API for mTLS authentication, so that protect important API. #8391

Open
AlinsRan opened this issue Nov 24, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

AlinsRan commented Nov 24, 2022

Description

There will be a large number of paths in the gateway, and I hope to perform mTLS authentication on the specified path to protect this path. This needs to be supported by mTLS at the route level, and mTLS mutual authentication can be performed on the specified route.

Assuming there are two routes:

  1. /protect/* HTTPS and mTLS
  2. /public/* HTTPS

In fact, since the mTLS of APISIX cannot work on the route, when accessing different routes with the same SNI, you cannot authenticate with mTLS and TLS at the same time. /public/* still uses mTLS.

Example

# URL:     /protect/post
# Expect:  HTTPS + mTLS   
# Actual:  HTTPS + mTLS 
curl --resolve 'httpbin.com:9443:127.0.0.1' https://gateway/protect/post -k --cert ./client.pem --key ./client.key

# URL:     /public/get  
# Expect:  HTTPS   
# Actual:  HTTPS + mTLS
curl --resolve 'httpbin.com:9443:127.0.0.1' https://gateway/public/get -k
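
One way route-level enforcement could work, as an added sketch that is not APISIX code and not part of the original issue: the TLS handshake asks for a client certificate without requiring it, and the decision is made per route once the path is known. The route table, the `mtls` flag and the status codes are assumptions; the `client_verify` values follow nginx's `$ssl_client_verify` variable.

```python
import posixpath
from fnmatch import fnmatchcase
from urllib.parse import unquote

# Constructed route table mirroring the two routes in the issue.
# "mtls" is a hypothetical per-route flag, not an existing APISIX option.
ROUTES = [
    {"uri": "/protect/*", "mtls": True},
    {"uri": "/public/*", "mtls": False},
]


def normalize(path):
    """Decode percent-escapes and collapse dot-segments before matching,
    so the policy is chosen for the path the upstream will actually see."""
    return posixpath.normpath(unquote(path))


def match_route(path, routes=ROUTES):
    """Return the most specific (longest pattern) matching route, or None."""
    hits = [r for r in routes if fnmatchcase(path, r["uri"])]
    return max(hits, key=lambda r: len(r["uri"])) if hits else None


def authorize(path, client_verify, routes=ROUTES):
    """Return the HTTP status for a request after an optional-client-cert
    handshake. client_verify is "NONE" (no certificate sent), "SUCCESS",
    or "FAILED:<reason>", as in nginx's $ssl_client_verify."""
    route = match_route(normalize(path), routes)
    if route is None:
        return 404  # fail closed: unknown paths are never served
    if not route["mtls"]:
        return 200  # HTTPS-only route: the client certificate is not consulted
    if client_verify == "SUCCESS":
        return 200  # mTLS route and the certificate chain verified
    return 403      # mTLS route: certificate missing or failed verification


if __name__ == "__main__":
    for path, verify in [
        ("/protect/post", "SUCCESS"),
        ("/protect/post", "NONE"),
        ("/public/get", "NONE"),
        ("/public/%2e%2e/protect/post", "NONE"),
    ]:
        print(path, verify, authorize(path, verify))
```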

msmost commented Feb 6, 2023

Opened discussion #8799 on this same topic. Interested in knowing more about whether APISIX can offer mTLS auth on specific routes.

@spacewander spacewander added the enhancement New feature or request label Feb 7, 2023