permitio / opal

Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)

Home Page:https://opal.ac

Add support for interfacing with opa instance configured with tls authentication

oc002 opened this issue · comments

Is your feature request related to a problem? Please describe.
OPA can be configured (both externally and the embedded version provided with opa-client) to authenticate requests using either an Authorization: Bearer <TOKEN> header or using mutual-TLS.
https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization

opal-client can be configured to work with an opa configured with --authentication=token by providing a static token in
https://github.com/permitio/opal/blob/master/packages/opal-client/opal_client/config.py#L30
and on the opa side a package system.authz policy can verify this token.

However, I do believe that it's currently impossible to configure opal to work with an opa instance configured with --authentication=tls.
This is especially troubling as it is possible to configure even the embedded opa within opal-client this way (https://github.com/permitio/opal/blob/master/packages/opal-client/opal_client/opa/options.py#L16)

Describe the solution you'd like
A way to configure opal client to use client certificate chain and key (and ca) when communicating with the policy store (external or embedded)

Describe alternatives you've considered
None

Additional context
This was created after discussion in Slack here https://permit-io.slack.com/archives/C01RUUYV3TP/p1681310018277859
I will push a PR with an implementation suggestion
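As an added illustration (not OPAL's own code, nor the PR mentioned above), this shows the client-side shape of the two OPA authentication modes contrasted in the issue: a bearer token for `--authentication=token`, and a client certificate chain, key and CA for `--authentication=tls`. `PolicyStoreAuth` and its fields are assumed names, not OPAL's real configuration keys.

```python
import ssl
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlparse


@dataclass
class PolicyStoreAuth:
    """Hypothetical settings for how a client authenticates to OPA."""
    url: str                           # e.g. https://opa.internal:8181
    token: Optional[str] = None        # used with `opa run --authentication=token`
    client_cert: Optional[str] = None  # PEM client certificate chain (mTLS)
    client_key: Optional[str] = None   # PEM private key; None if bundled in client_cert
    ca_file: Optional[str] = None      # CA bundle that signed OPA's server certificate


def build_ssl_context(auth: PolicyStoreAuth) -> Optional[ssl.SSLContext]:
    """Build the TLS context used to reach the policy store.

    Returns None for a plain-http store, and refuses to attach any credential
    (bearer token or client key) to a non-TLS URL so secrets never travel in
    clear text.
    """
    scheme = urlparse(auth.url).scheme.lower()
    if scheme != "https":
        if auth.token or auth.client_cert:
            raise ValueError("policy store credentials require an https:// URL")
        return None
    # create_default_context() enables CERT_REQUIRED and hostname checking, so
    # a spoofed OPA endpoint is rejected; cafile pins trust to the operator's CA.
    ctx = ssl.create_default_context(cafile=auth.ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if auth.client_cert:
        # This is the piece `opa run --authentication=tls` needs from the client:
        # OPA then derives the caller identity from the presented certificate.
        ctx.load_cert_chain(certfile=auth.client_cert, keyfile=auth.client_key)
    return ctx


def auth_headers(auth: PolicyStoreAuth) -> Dict[str, str]:
    """Headers for token mode; empty for mTLS, where the certificate is the identity."""
    return {"Authorization": f"Bearer {auth.token}"} if auth.token else {}


# Usage (not executed here): hand the context to the HTTP client, e.g.
#   aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=ctx),
#                         headers=auth_headers(cfg))
```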