Ability to inject mtls client cert subject info

[djcrabhat]

Is your feature request related to a problem? Please describe.

I have successfully set up communication between a fluentbit instance running forward on my edge and a mTLS-capable receiver fluentd instance running forward up in the cloud. I have TLS verification working fine after trusting our private CA chain. But I want to potentially tag data or inject keys in to it describing the subject of the certificate. That way, I could, for instance, put records in different elasticsearch instances based on the client certificate this record came from.

Describe the solution you'd like

Like source_address_key in the forward input, something like client_certificate_subject_key would be great. Subject, some hash id of the cert...some identifying information.

Describe alternatives you've considered

I suppose I can still use the username system, but that seems to be a bit redundant. The client certificate should be enough to uniquely authenticate my end users.

Additional context

No response