When the cluster listener re-uses the existing TLS listener, the orderer still requires that a client certificate and key be specified in the orderer.yaml. However, usually, the existing general server TLS certificate and key may be reused here.
This story is to default the cluster client cert and key to be the same as the server cert and key, if no value is set, and if the cluster listener is reused.
If the cluster listener is not reused, or there is a value present, the new default should not be applied.
Reference: this raft IT shows the config values currently used to reuse the existing TLS listener (excluding the TLSHandshakeTimeshift, that's unrelated). Note that it only sets the ServerCertificate and ServerKey to "" but doesn't do the same for the ClientCertificate and ClientKey. As part of this fix, we should update that test to set those to "" as well.