
Allow tls_auth_handler to support client side verification only

Open Roymprog opened this issue 2 years ago • 0 comments

The tls_auth_handler supports setting up a mTLS connection with the Prometheus push gateway, but I want only to verify the certificate of the server. In other words, I wish to skip setting certfile and keyfile in the tls_auth_handler method when the protocol is not ssl.PROTOCOL_TLS_SERVER.

The authentication on the server side I will handle differently.

I'd be willing to contribute. Should I add it as a conditional to the current tls_auth_handler method (think this will ), or should I create a new tls_handler method?

Add to current tls_auth_handler:

import ssl
from typing import Callable, List, Optional, Tuple
from urllib.request import HTTPSHandler

# _make_handler is the private helper in prometheus_client/exposition.py that
# wraps an urllib handler into the zero-argument callable push_to_gateway runs.
from prometheus_client.exposition import _make_handler


def tls_auth_handler(
        url: str,
        method: str,
        timeout: Optional[float],
        headers: List[Tuple[str, str]],
        data: bytes,
        certfile: str,
        keyfile: str,
        cafile: Optional[str] = None,
        protocol: int = ssl.PROTOCOL_TLS_CLIENT,
        insecure_skip_verify: bool = False,
) -> Callable[[], None]:
    """Handler that implements an HTTPS connection with TLS Auth.

    The default protocol (ssl.PROTOCOL_TLS_CLIENT) will also enable
    ssl.CERT_REQUIRED and SSLContext.check_hostname by default. This can be
    disabled by setting insecure_skip_verify to True.

    Both this handler and the TLS feature on pushgateway are experimental."""
    context = ssl.SSLContext(protocol=protocol)
    # Trust anchors for verifying the pushgateway's certificate: an explicit
    # CA bundle if given, otherwise the system trust store.
    if cafile is not None:
        context.load_verify_locations(cafile)
    else:
        context.load_default_certs()

    if insecure_skip_verify:
        # check_hostname has to be cleared before verify_mode can be CERT_NONE.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE

    # Proposed change: only load the client certificate and key when the
    # protocol is ssl.PROTOCOL_TLS_SERVER, so a plain client context skips them.
    if protocol == ssl.PROTOCOL_TLS_SERVER:
        context.load_cert_chain(certfile=certfile, keyfile=keyfile)

    handler = HTTPSHandler(context=context)
    return _make_handler(url, method, timeout, headers, data, handler)

Roymprog avatar Nov 24 '23 10:11 Roymprog
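The following is an added example, not code from client_python or from the issue author, showing what a server-verification-only push handler looks like: a PROTOCOL_TLS_CLIENT context that checks the pushgateway's certificate and hostname but loads no client certificate or key. It assumes only the calling convention prometheus_client uses for push handlers (handler(url, method, timeout, headers, data) returning a zero-argument callable) and re-implements the small urllib wrapper itself rather than importing the library's private helper; the pushgateway URL is a constructed placeholder, not a live endpoint.

```python
import ssl
from functools import partial
from typing import Callable, List, Optional, Tuple
from urllib.request import HTTPSHandler, Request, build_opener

# Constructed placeholder for the demonstration; not a real pushgateway.
PUSHGATEWAY_URL = "https://pushgateway.example.internal:9091/metrics/job/demo"


def build_server_verify_context(
    cafile: Optional[str] = None,
    insecure_skip_verify: bool = False,
) -> ssl.SSLContext:
    """Client-side TLS context that authenticates the server only.

    No client certificate or key is loaded, so this is one-way TLS: the
    pushgateway's certificate is checked against `cafile` (or the system
    trust store) and its hostname is matched, while the client stays
    anonymous at the TLS layer. Client authentication, if any, is handled
    elsewhere (for example HTTP basic auth via the request headers).
    """
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED and check_hostname=True.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile is not None:
        context.load_verify_locations(cafile=cafile)
    else:
        context.load_default_certs(ssl.Purpose.SERVER_AUTH)

    if insecure_skip_verify:
        # Order matters: setting CERT_NONE while check_hostname is still
        # True raises ValueError, so clear check_hostname first.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    return context


def verifies_server(context: ssl.SSLContext) -> bool:
    """Guard a caller can use to refuse a context that skips verification."""
    return context.verify_mode == ssl.CERT_REQUIRED and bool(context.check_hostname)


def tls_server_verify_handler(
    url: str,
    method: str,
    timeout: Optional[float],
    headers: List[Tuple[str, str]],
    data: bytes,
    cafile: Optional[str] = None,
    insecure_skip_verify: bool = False,
) -> Callable[[], None]:
    """Handler factory with the shape prometheus_client expects.

    push_to_gateway calls handler(url, method, timeout, headers, data) and
    then invokes the returned zero-argument callable to send the request.
    """
    context = build_server_verify_context(cafile, insecure_skip_verify)
    opener = build_opener(HTTPSHandler(context=context))

    def handle() -> None:
        request = Request(url, data=data, method=method)
        for key, value in headers:
            request.add_header(key, value)
        # urllib raises HTTPError for 4xx/5xx; anything that gets through is
        # still checked so a non-2xx status never passes silently.
        with opener.open(request, timeout=timeout) as response:
            if response.status >= 400:
                raise OSError(f"pushgateway returned HTTP {response.status}")

    return handle


def make_pushgateway_handler(cafile: Optional[str] = None) -> Callable[..., Callable[[], None]]:
    """Bind the CA bundle so the result can be passed as push_to_gateway(handler=...)."""
    return partial(tls_server_verify_handler, cafile=cafile)
```

Pass the bound factory as the `handler` argument of `push_to_gateway`; because the context never calls `load_cert_chain`, there are no `certfile`/`keyfile` parameters to satisfy, which is the gap the issue describes. Keep `insecure_skip_verify` off outside of local testing: with `CERT_NONE` the pushgateway is no longer authenticated at all.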