Add https-client-auth configuration to Keycloak deployments #62
akostadinov wants to merge 1 commit into 3scale-qe:main from
Configure all Keycloak deployments (RHBK, RHSSO, and keycloak-deployment) to request client certificates for HTTPS connections by adding the https-client-auth=request option. This enables mutual TLS authentication when clients provide certificates.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Can't this be set up per realm? This will break existing tests

This is a setting on the TLS level to request a client certificate optionally. At the moment of TLS connection, there is no way to know what realm the client would be accessing. Presently ssl-rhbk has the setting and it doesn't appear to break any functionality, only now MTLS is possible to configure.

Ok, just tested

I think it is alright to keep the option in case it gets deployed with a TLS endpoint at some point. But let me know if you want this removed.

Also if you have the tools running somewhere, pls let me know so I see that the changes are in fact properly in effect.

Needs to be tested first!