Implement TLS client authentication

[M1cha]

What is the purpose of this change? What does it change?

Add support for authenticating clients using a CA certificate.

Was the change discussed in an issue or in the forum before?

Closes #73

Checklist

• [x] I have enabled maintainer edits for this PR
• [ ] I have added tests for all changes in this PR
• [x] I have added documentation for the changes (in the manual)
• [x] There's a new file in changelog/unreleased/ that describes the changes for our users (template here)
• [x] I have run gofmt on the code in all commits
• [x] All commit messages are formatted in the same style as the other commits in the repo
• [x] I'm done, this Pull Request is ready for review

[MichaelEischer]

Shouldn't the rest-server also extract the username from the client certificate similar to #191? Or is the idea to only use the client certificate to allow access to the rest-server and then require an additional htpasswd verification (I'm not particularly sure how useful that is)?

[M1cha]

@MichaelEischer IMO, what you request should be optional. I use TLS with my own CA to prevent anyone inside my home network from using the rest server. I need neither htaccess nor TLS username verification though since I'm the only user.