GEP: Certificate Pinning for Client Certificate Validation #4078

@snorwin

Enhance the existing Client Certificate Validation defined in GEP-91 (#91) by introducing support for certificate pinning. This allows specifying one or more certificate or public key hashes (SPKI) that are considered valid for client connections. During TLS client authentication, the Gateway will validate not only against the configured CAs, but also against the pinned certificates or keys. This provides a mechanism to restrict allowed clients to a narrowly defined set of certificates, even if the CA trust domain is broad.
