Is your feature request related to a problem? Please describe.
With the recently implemented TLS Client Auth config in #3281 we are restricted to setting the TLS Client Option to all routes skipper is handling. This unfortunately prevents us from using since we do not want to have browsers request a client auth certificate for all routes.

Describe the solution you would like
An ingress annotation and/or route group CRD parameter to enable TLS Client Auth per route.

Describe alternatives you've considered (optional)
None.

Additional context (optional)
The traefik project allows per ingress changes to TLS Options including TLS CLient Auth using ingress annotations.

To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll have to add an annotation to the Ingress in the following form: traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd

Would you like to work on it?
Yes, but no time