During connection establishment, if a client certificate is presented whose expiration is within tlsX509ExpirationWarningThresholdDays, a warning is emitted. This can result in many warnings.
To limit these warnings, we should record observed certificates along with a timestamp of when they were last warned about. This information should be stored in an LRU cache to bound it.
We should warn if the presented certificate is expiring soon, and is either not contained in the cache, or the time it was last warned about is sufficiently far in the past.