Add RFC 9440 Client-Cert forwarding filter

[somiljain2006]

Commit Message: Add RFC 9440 Client-Cert forwarding filter

Fixes #45354

Additional Description: Add an HTTP filter that emits RFC 9440 Client-Cert and Client-Cert-Chain headers from downstream mTLS client certificates. The filter sanitizes incoming Client-Cert and Client-Cert-Chain headers before forwarding and injects RFC 8941 structured-field byte sequences derived from the peer certificate and certificate chain.

Risk Level: Medium

Testing: Added unit tests covering header sanitization, non-TLS connections, empty certificates, and certificate chain handling. Added an integration test exercising RFC 9440 certificate encoding using real multi-certificate TLS chains to verify end-to-end certificate parsing and header generation.

Docs Changes: Added rfc9440_client_cert_filter.rst

Release Notes: N/A
Platform Specific Features: N/A

[repokitteh-read-only]

Hi @somiljain2006, welcome and thank you for your contribution.

We will try to review your Pull Request as quickly as possible.

In the meantime, please take a look at the contribution guidelines if you have not done so already.

🐱

Caused by: #45412 was opened by somiljain2006.

see: more, trace.

[repokitteh-read-only]

CC @envoyproxy/api-shepherds: Your approval is needed for changes made to (api/envoy/|docs/root/api-docs/).
envoyproxy/api-shepherds assignee is @wbpcode
CC @envoyproxy/api-watchers: FYI only for changes made to (api/envoy/|docs/root/api-docs/).

🐱

Caused by: #45412 was opened by somiljain2006.

see: more, trace.

[somiljain2006]

@wbpcode Can you review this pr?