NGF: Add documentation for mTLS support between gateway and apps

[salonichf5]

Proposed changes

Updates existing secure traffic guide to showcase mutual TLS connection between Gateway and Backends.

Checklist

Before sharing this pull request, I completed the following checklist:

• I read the Contributing guidelines
• My branch adheres to the Git conventions
• My content changes adhere to the F5 NGINX Documentation style guide
• If my changes involve potentially sensitive information¹, I have assessed the possible impact
• I have waited to ensure my changes pass tests, and addressed any discovered issues

Footnotes

1. Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩

[salonichf5]

Incase preview doesn't work

[ADubhlaoich]

LGTM! Please ensure the merge message adheres to Conventional Commits.

[bjee19]

Do we want to overwrite the tls section and make this document purely an mtls document? If a user wants to only have tls, and doesn't need mtls wouldn't they not be able to follow this document?

[salonichf5]

Do we want to overwrite the tls section and make this document purely an mtls document? If a user wants to only have tls, and doesn't need mtls wouldn't they not be able to follow this document?

The original goal was to extend this document to also demonstrate mTLS between the Gateway and the upstream. I think the current scope still makes sense, because the security posture is ultimately driven by the application configuration, which is owned by the user.

In this setup, the secure-app configuration determines whether we need Gateway TLS and a BackendTLSPolicy. We assume the user understands the characteristics of the application they’re exposing and, based on that, can decide what guarantees the Gateway must provide for successful communication with the backend.