  1. Satellite
  2. SAT-39048

Use certs for primary identification for hosts on katello registry

    • Bug
    • Resolution: Unresolved
    • 6.18.0

      Description of problem:

      Today, we rely on the request’s source IP to identify the originating host. However, in virtualized environments where VMs use NAT or private addresses, all outbound requests may appear to originate from the parent host’s IP. This can lead to ambiguity and misidentification of the actual VM making the request.

      To address this, we should allow client certificates to serve as the primary identifier (or as a fallback) in such cases, ensuring reliable host identification even when IP-based detection is masked by NAT.

      This happens because we exclude static_index from cert authentication today. https://github.com/Katello/katello/blob/445e4d7f10926bc40c9efbbe8d0e021e82dfa5cf/app/controllers/katello/api/registry/registry_proxies_controller.rb#L9C5-L9C18
      This exclusion can be removed.

      How reproducible:

       

      Is this issue a regression from an earlier version:

      No

      Steps to Reproduce:

      1. Have a host VM with a NAT'd interface register to Katello

      2. Register to Katello with certs set up

      3. See that the host doesn't use certs when communicating with the Katello registry and relies on host IP alone.

      Actual behavior:

      Expected behavior:

      Business Impact / Additional info:

       

              Unassigned Unassigned
              rhn-engineering-sajha Samir Jha
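
The ambiguity this ticket describes, as an added illustration that is not Katello's code: two VMs behind one NAT address cannot be told apart by source IP, while a client-certificate CN resolves them. The host inventory, DN strings and function names are constructed for the example, and the subject DN is assumed to come from a client certificate already verified at TLS termination.

```ruby
require "openssl"

# Constructed inventory: vm-a and vm-b sit behind the same NAT address.
HOSTS = [
  { name: "vm-a.example.test", ip: "192.0.2.10" },
  { name: "vm-b.example.test", ip: "192.0.2.10" },
  { name: "bare.example.test", ip: "192.0.2.20" }
].freeze

# Pull the CN out of an OpenSSL-style subject DN ("/O=.../CN=...").
# Assumption: the DN belongs to a certificate the TLS layer has verified;
# a DN taken from an unauthenticated request header must never reach here.
def cert_common_name(subject_dn)
  entry = OpenSSL::X509::Name.parse(subject_dn).to_a.find { |field, _, _| field == "CN" }
  entry && entry[1]
rescue StandardError
  nil
end

# IP-only lookup: returns nil as soon as two hosts share an address.
def identify_by_ip(remote_ip)
  matches = HOSTS.select { |h| h[:ip] == remote_ip }
  matches.size == 1 ? matches.first[:name] : nil
end

# Certificate is the primary identifier; source IP is used only when no
# certificate was presented. A presented certificate that maps to no known
# host is rejected instead of silently falling back to the IP.
def identify_host(remote_ip:, subject_dn: nil)
  unless subject_dn.to_s.empty?
    cn = cert_common_name(subject_dn)
    host = HOSTS.find { |h| h[:name] == cn }
    return host ? [host[:name], :certificate] : [nil, :unknown_certificate]
  end
  name = identify_by_ip(remote_ip)
  name ? [name, :source_ip] : [nil, :ambiguous_or_unknown_ip]
end

if __FILE__ == $PROGRAM_NAME
  p identify_host(remote_ip: "192.0.2.10")
  p identify_host(remote_ip: "192.0.2.10", subject_dn: "/O=Example/CN=vm-b.example.test")
  p identify_host(remote_ip: "192.0.2.20")
end
```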