Docs for delayed client certificates

[Tratcher]

Kestrel support: #33264
HttpSys improvements: #33586
IIS description: #23948

• Only supported for HTTP/1.x, not 2 or 3.
• The alternate domain approach is still recommended: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-5.0#optional-client-certificates
• Requests with bodies must be buffered before calling GetClientCertificateAsync. Check ClientCertificate first to see if buffering is required.
• Disabled by default, options to enable on each server.
• New option New UseHttps overload with per connection callback  #33953 to enable in new UseHttps callback overload.

Thanks for contacting us.

We're moving this issue to the Next sprint planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.