Client
Provider interface for client certificates in mutual TLS authentication.
Implementations may retrieve certificates from:
Android Keystore (hardware-backed)
File system (PKCS#12 bundles)
Managed configuration (EMM/MDM provisioned)
Remote certificate services
The provider is called during TLS handshake, so implementations should cache credentials where appropriate for performance.