docs(examples): add mTLS and custom TLS configuration example

[JakeBx]

Closes #1279

What

Adds examples/mtls.py demonstrating how to use the SDK with mTLS client certificate authentication and custom CA bundles.

Why

mTLS is becoming an industry standard for API access in regulated environments. OpenAI recently launched an mTLS beta program for their API, and enterprise users are increasingly expecting the same capability from Anthropic deployments.

Common use cases include:

• mTLS client certificates for per-user attribution in shared API gateway deployments
• Custom CA bundles for corporate TLS inspection proxies (Zscaler, Netskope, etc.)

This is a recurring question across the ecosystem:

• feat(anthropic): support custom httpx client for mTLS and certificate-based authentication langchain-ai/langchain#35843 — mTLS support for Anthropic in LangChain (open, active)
• anthropic.APIConnectionError: Connection error. Due to proxy env variables not getting applied to. #923 — proxy env variables not applied (fixed in v0.54.0, shows enterprise proxy usage is a real pain point)

The underlying SDK already supports this via the http_client parameter, but there is no example or documentation showing the pattern.

How

Uses the existing http_client parameter with DefaultHttpxClient / DefaultAsyncHttpxClient. No SDK code changes required — this is purely documentation of existing capability.

The example builds an ssl.SSLContext with the CA bundle and client certificate, then passes it as verify= to DefaultHttpxClient. This preserves all SDK defaults (connection limits, timeouts, TCP keepalive, proxy detection) while enabling mTLS:

import ssl
from anthropic import Anthropic, DefaultHttpxClient

ctx = ssl.create_default_context()
ctx.load_verify_locations("/path/to/ca-bundle.crt")
ctx.load_cert_chain("/path/to/client.crt", "/path/to/client.key")

client = Anthropic(
    http_client=DefaultHttpxClient(verify=ctx),
)

Covers three scenarios:

1. mTLS with sync client (Anthropic + DefaultHttpxClient)
2. mTLS with async client (AsyncAnthropic + DefaultAsyncHttpxClient)
3. Corporate proxy custom CA bundle (no client cert)

Testing

Verified locally against an nginx mTLS reverse proxy with self-signed certificates. The TLS handshake completes successfully and the SDK correctly processes the upstream response.