feat: support mTLS for remote database (#2638)

This PR adds mTLS (mutual TLS) configuration support for the LanceDB
remote HTTP client, allowing users to authenticate with client
certificates and configure custom CA certificates for server
verification.

---------

Co-authored-by: Claude <noreply@anthropic.com>

python/src/connection.rs

@@ -301,6 +301,7 @@ pub struct PyClientConfig {
     timeout_config: Option<PyClientTimeoutConfig>,
     extra_headers: Option<HashMap<String, String>>,
     id_delimiter: Option<String>,
+    tls_config: Option<PyClientTlsConfig>,
 }
 
 #[derive(FromPyObject)]
@@ -321,6 +322,14 @@ pub struct PyClientTimeoutConfig {
     pool_idle_timeout: Option<Duration>,
 }
 
+#[derive(FromPyObject)]
+pub struct PyClientTlsConfig {
+    cert_file: Option<String>,
+    key_file: Option<String>,
+    ssl_ca_cert: Option<String>,
+    assert_hostname: bool,
+}
+
 #[cfg(feature = "remote")]
 impl From<PyClientRetryConfig> for lancedb::remote::RetryConfig {
     fn from(value: PyClientRetryConfig) -> Self {
@@ -347,6 +356,18 @@ impl From<PyClientTimeoutConfig> for lancedb::remote::TimeoutConfig {
     }
 }
 
+#[cfg(feature = "remote")]
+impl From<PyClientTlsConfig> for lancedb::remote::TlsConfig {
+    fn from(value: PyClientTlsConfig) -> Self {
+        Self {
+            cert_file: value.cert_file,
+            key_file: value.key_file,
+            ssl_ca_cert: value.ssl_ca_cert,
+            assert_hostname: value.assert_hostname,
+        }
+    }
+}
+
 #[cfg(feature = "remote")]
 impl From<PyClientConfig> for lancedb::remote::ClientConfig {
     fn from(value: PyClientConfig) -> Self {
@@ -356,6 +377,7 @@ impl From<PyClientConfig> for lancedb::remote::ClientConfig {
             timeout_config: value.timeout_config.map(Into::into).unwrap_or_default(),
             extra_headers: value.extra_headers.unwrap_or_default(),
             id_delimiter: value.id_delimiter,
+            tls_config: value.tls_config.map(Into::into),
         }
     }
 }