Docs: document TLS configuration for generic OAuth (#27006)

* Docs: document TLS configuration for generic OAuth

* use SSL/TLS term

* Update docs/sources/auth/generic-oauth.md

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update docs/sources/auth/generic-oauth.md

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

docs/sources/auth/generic-oauth.md

@@ -38,10 +38,21 @@ token_url =
 api_url =
 allowed_domains = mycompany.com mycompany.org
 allow_sign_up = true
+tls_skip_verify_insecure = false
+tls_client_cert =
+tls_client_key =
+tls_client_ca =
 ```
 
 Set `api_url` to the resource that returns [OpenID UserInfo](https://connect2id.com/products/server/docs/api/userinfo) compatible information.
 
+You can also specify the SSL/TLS configuration used by the client. 
+- Set `tls_client_cert` to the path of the certificate. 
+- Set `tls_client_key` to the path containing the key.
+- Set `tls_client_ca` to the path containing a trusted certificate authority list.
+
+`tls_skip_verify_insecure` controls whether a client verifies the server's certificate chain and host name. If it is true, then SSL/TLS accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks.
+
 Grafana will attempt to determine the user's e-mail address by querying the OAuth provider as described below in the following order until an e-mail address is found:
 
 1. Check for the presence of an e-mail address via the `email` field encoded in the OAuth `id_token` parameter.