[RFS] Support for TLS client-certificate based authentication

[kanatti]

Currently RFS supports two kinds authentication to target cluster - 1. Basic auth with username/password 2. SigV4

The opensearch security plugin supports Client Certificate based authentication - https://opensearch.org/docs/latest/security/authentication-backends/client-auth/

Example code snippet from documentation:

import requests
import json
base_url = 'https://localhost:9200/'
headers = {
  'Content-Type': 'application/json'
}
cert_file_path = "/full/path/to/client-cert.pem"
key_file_path = "/full/path/to/client-cert-key.pem"
root_ca_path = "/full/path/to/root-ca.pem"

# Send the request.
path = 'movies/_doc/3'
url = base_url + path
response = requests.get(url, cert = (cert_file_path, key_file_path), verify=root_ca_path)
print(response.text)

Would be good to have RFS support that so that we can write to clusters with client-certificate auth enabled.

For example the logstash-output-opensearch plugin supports this by allowing user to pass cacert, tls_certificate and tls_key file paths.

[AndreKurait]

Tracking with https://opensearch.atlassian.net/browse/MIGRATIONS-2467

[AndreKurait]

Merged #1398, this will be included in our next release