Use a different hostname instead of a different port for Smartcard authentication

Currently Smartcard authentication uses an "additional NGINX server context with a different port" to handle client TLS authentication (docunmented here).

This works well with Omnibus as addressed by omnibus-gitlab#3968 (closed). But it becomes a problem with Kubernetes deployment as explained here https://gitlab.com/charts/gitlab/issues/988#note_149953355. It is mainly due to how Kubernetes manages network objects and their relationships and their side-effects on deployment.

Serving the client TLS authentication on a different hostname over 443 can solve the issue with Kubernetes Ingress controller.