Embedded outpost does not support redis mTLS, causing providers to silently and opaquely fail #16940

@solidDoWant

Description

Describe the bug
Unlike the Python code, the embedded outpost redis client builder does not support building a redis connection via a URL/connection string. As a result, the redis client built for use with embedded client will fail to connect to a redis cluster if the cluster requires client TLS authentication. This is one of the root causes of #9122, as I've outlined here.

This appears to be the only place within Authentik where a username/password is actually required, where cert auth is supported by the external service.

To Reproduce
Steps to reproduce the behavior:

  1. Deploy Authentik with redis for the outpost backend, inter-instance communication channel, and cache. The redis instance should be configured to require client TLS auth, and Authentik should be configured to use it. See here for an example of how to do this.
  2. Observe that Authentik works perfectly out of the box. Channel and cache connections succeed, and embedded outpost will not have attempted to create a connection to the redis server because no provider has been tied to the outpost yet.
  3. Deploy any provider that needs to be tied to an outpost, such as a proxy provider, along with an application to use it. Assign the provider to an outpost.
  4. Configure a reverse proxy (nginx, traefik, envoy/istio, etc.) to use authentik for forward auth.
  5. Attempt to access the application. Every request will 404, and logs will indicate that none of the proxy provider logic has been hit.
  6. Check for logs indicating a redis connection failure. These will probably show up as a cipher mismatch, or a failure due to missing client certs.

Expected behavior
Embedded outposts should accept some form of configuration for client x509 certs. This could be via a connection string/URL like the Python code uses, or separate environment variables.

Screenshots
Not really applicable here

Logs
Example of redis connection failure log: {"error":"remote error: tls: handshake failure","event":"failed to setup application","level":"warning","logger":"authentik.outpost.proxyv2","timestamp":"2025-09-22T23:34:14-05:00"}

Version and Deployment (please complete the following information):

Additional context

It should be pretty trivial to fix this by adding client cert/key environment variables, and adding them to the redis client TLS config if present. I would be glad to contribute this, provided that somebody else writes any desired tests. I've tried to run the e2e tests locally and I just can't get them working even with a clean copy of the 2025.8.3 release. Let me know if this contribution would be accepted.
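An added Go example, not code from the authentik repository, showing the shape of the fix proposed in this issue and reproducing its symptom: a loopback TLS server that requires client certificates rejects a client configured with only a CA bundle (what a client builder without keypair support produces), while the same client given a cert/key pair connects. The function names (`buildRedisTLSConfig`, `probe`, `demo`), the self-signed demo certificates and the `+PONG` reply are all constructed for this example; reading the PEM bytes from environment variables or files is left to the caller.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; used only while building the constructed demo material.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// buildRedisTLSConfig assembles the client-side tls.Config for the redis link.
// The keypair is optional (mTLS); X509KeyPair rejects a cert without its key.
func buildRedisTLSConfig(certPEM, keyPEM, caPEM []byte, serverName string) (*tls.Config, error) {
	cfg := &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12}
	if len(certPEM) > 0 || len(keyPEM) > 0 {
		pair, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, fmt.Errorf("redis TLS: client keypair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	if len(caPEM) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, fmt.Errorf("redis TLS: no certificates in CA bundle")
		}
		cfg.RootCAs = pool
	}
	return cfg, nil
}

// selfSignedPEM makes a throwaway self-signed certificate (constructed for this
// demo) that acts as its own trust anchor for both server and client auth.
func selfSignedPEM(cn string) (certPEM, keyPEM []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: true,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	keyDER := must(x509.MarshalECPrivateKey(key))
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
}

// probe starts a loopback TLS server that requires a client certificate signed by
// clientCAPEM and reports whether clientCfg completes a handshake plus one reply.
func probe(clientCfg *tls.Config, srvCertPEM, srvKeyPEM, clientCAPEM []byte) error {
	clientCAs := x509.NewCertPool()
	clientCAs.AppendCertsFromPEM(clientCAPEM)
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{must(tls.X509KeyPair(srvCertPEM, srvKeyPEM))},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: clientCAs,
	}))
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			defer c.Close()
			if c.(*tls.Conn).Handshake() == nil {
				c.Write([]byte("+PONG\r\n")) // constructed stand-in for a redis reply
			}
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return err
	}
	defer conn.Close()
	// Under TLS 1.3 the client finishes its side of the handshake before the
	// server verifies the certificate, so a rejection surfaces on the first read.
	_, err = conn.Read(make([]byte, 16))
	return err
}

// demo reproduces the report: a CA-only client (no keypair) is rejected by a
// server demanding client certs, while the same client with a keypair succeeds.
func demo() (withoutCert, withCert error) {
	srvCert, srvKey := selfSignedPEM("localhost")
	cliCert, cliKey := selfSignedPEM("authentik-outpost")
	caOnly := must(buildRedisTLSConfig(nil, nil, srvCert, "localhost"))
	mtls := must(buildRedisTLSConfig(cliCert, cliKey, srvCert, "localhost"))
	return probe(caOnly, srvCert, srvKey, cliCert), probe(mtls, srvCert, srvKey, cliCert)
}

func main() { fmt.Println(demo()) }
```

Running `demo` prints a non-nil error for the CA-only client and `<nil>` for the mTLS client. The error text differs from the `tls: handshake failure` in the log above because the rejecting peer here is Go's TLS server rather than the redis server's TLS stack, but the failure mode is the same: the client never gets an application-level reply, which is what makes the provider fail silently when the outpost cannot present a client certificate.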

Labels: bug (Something isn't working)