Certificate-filters in self-hosted version of Temporal

[slavb18]

Is your feature request related to a problem? Please describe.
Currently, certificate-filters only work with the cloud version of Temporal. It would be beneficial to have this functionality available in the self-hosted version as well, as it's frustrating for users running on-prem environments to lack similar security features.

Describe the solution you'd like
A potential solution could be implementing a custom myClaimMapper.go, which would read from a certificate-filters file and use it as a claim mapper to enforce restrictions based on certificate attributes.

Describe alternatives you've considered
An alternative approach could involve using an nginx gRPC proxy that applies certificate-based access control at the network level, though this might add additional complexity compared to a native Temporal solution.

Additional context
Providing a solution that works similarly in both cloud and self-hosted environments will help maintain feature parity and improve security for self-hosted users.