If mTLS is enabled in the client, then the provided private-key is used for signing the
authorization request (for backwards compatibility with the backend).
Hence the client must not generate a new public/private key-pair as in the old setup,
but use the one provided in the configuration. This also means that a forced-bootstrap should not generate new keys! Never no new keys.
- Client only uses the provided private-key in a mTLS setup