During X.509 authentication we raise a warning when a cluster-member certificate is presented but the client hasn't actually declared themselves as internal. Due to changes from SERVER-90285, the API call `isInternalClient()` no longer returns true for unauthenticated clients, and as this warning is issued from the authentication path (pre-auth), we'll never pass `isInternalClient` and always throw warnings.
Use the `isPossiblyUnauthenticatedInternalClient()` API instead inside
`SaslX509ServerMechanism::stepImpl` in `sasl_x509_server_conversation.cpp`