As per HELP-29242, only SCRAM-SHA-1, SCRAM-SHA-256, MONGODB-CR, and PLAIN are supported on the destination.
Due to the above, we can also remove reference to X.509 and AWS IAM under --destinationAuthenticationDatabase.
It looks like this info. was updated in
DOCS-14603, but there isn't parity between --authenticationMechanism and --destinationAuthenticationMechanism.