
When OCSP is enabled, if leaf TLS configured, leaf silently set/overridden to mTLS #3958

Closed
tbeets opened this issue Mar 13, 2023 · 2 comments

@tbeets
Contributor

tbeets commented Mar 13, 2023

In server versions up to 2.9.15, where OCSP is enabled, the operator is unable to configure a Leaf listener with TLS enablement (server-only validation), whether by setting the verify option to false or by not specifying a value for verify and taking the documented default (false).

The server silently sets client auth TLS policy to true on the Leaf listener.

Steps or code to reproduce the issue:

  1. Configure a NATS server with the OCSP staple feature enabled.
  2. Add a leaf configuration with a TLS block containing verify: false.
  3. Attempt a NATS leaf remote connection to the NATS server with 1-way TLS (server only).

Expected result:

Client INFO reflects tls_verify as false and 1-way TLS handshake succeeds.

Actual result:

Client INFO on connect reflects tls_verify as true and the 1-way TLS (server only) handshake does not succeed.
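As an added check for the repro above (example code, not part of this issue or of nats-server): a small Go program that reads the INFO line a NATS leaf listener sends before the TLS upgrade and compares the advertised tls_verify with the verify value the operator configured, so the silent switch to mTLS shows up as a mismatch. The INFO line below is constructed, and the address 127.0.0.1:7422 is an assumed leaf port.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"net"
	"strings"
	"time"
)

// Constructed INFO line as a leaf listener sends it once the server has switched to mTLS (tls_verify true despite verify: false).
const sampleInfo = `INFO {"server_id":"EXAMPLE","server_name":"leaf-hub","tls_required":true,"tls_verify":true}` + "\r\n"

// serverInfo is the subset of INFO fields that describe the listener's TLS policy.
type serverInfo struct {
	ServerName string `json:"server_name"`
	TLSVerify  bool   `json:"tls_verify"`
}

// parseInfo decodes a raw "INFO {...}" protocol line; any other line is an error.
func parseInfo(line string) (info serverInfo, err error) {
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, "INFO ") {
		return info, fmt.Errorf("not an INFO line: %q", line)
	}
	err = json.Unmarshal([]byte(strings.TrimPrefix(line, "INFO ")), &info)
	return
}

// verifyMatches reports whether the advertised client-cert policy equals the configured verify value.
func verifyMatches(info serverInfo, wantVerify bool) bool { return info.TLSVerify == wantVerify }

// fetchInfo reads the first line from a leaf port; by default NATS sends INFO in plaintext before the TLS upgrade.
func fetchInfo(addr string) (string, error) {
	conn, err := net.DialTimeout("tcp", addr, 3*time.Second)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return bufio.NewReader(conn).ReadString('\n')
}

func main() {
	info, err := parseInfo(sampleInfo) // use fetchInfo("127.0.0.1:7422") to probe a live server (assumed address)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s: advertised tls_verify=%v, match=%v\n", info.ServerName, info.TLSVerify, verifyMatches(info, false))
}
```

With the leaf tls block configured as verify: false, match=false on a live server is the override this issue describes.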

@tbeets
Contributor Author

tbeets commented Mar 13, 2023

The override is happening here in ocsp.go. The root issue is that the Leaf kind of connection is being treated as an in-cluster server-to-server connection like the Route or Gateway kinds, but it should be treated as a variation of an external NATS client instead.

@wallyqs
Member

wallyqs commented Mar 20, 2023

Fixed via #3964

@wallyqs wallyqs closed this as completed Mar 20, 2023
@bruth bruth removed the 🐞 bug label Aug 18, 2023