Load client cert and key only once at startup

go/fake-http/fake-http.go

		}
	}
	cert := tls.Certificate{}
	if flags.proxyClientCert != "" && flags.proxyClientKey != "" {
		var err error
		cert, err = tls.LoadX509KeyPair(flags.proxyClientCert, flags.proxyClientKey)
		if err != nil {
			log.Fatalf("Error: parsing client cert and key: %s", err)
		}
	}
	var responsesPath string
	if flag.NArg() == 1 {
		responsesPath = flag.Arg(0)
		var resp *http.Response
		if flags.proxyURL != "" {
			resp = respondWithProxy(flags.proxyURL, w, req)
			resp = respondWithProxy(flags.proxyURL, &cert, w, req)
		} else {
			resp = respondWithStub(responses, w, req)
		}
	return resp.AsHTTP()
}
func respondWithProxy(proxyURL string, w http.ResponseWriter, req *http.Request) *http.Response {
func respondWithProxy(proxyURL string, cert *tls.Certificate, w http.ResponseWriter, req *http.Request) *http.Response {
	proxyTransport := &http.Transport{
		TLSClientConfig: &tls.Config{
			GetClientCertificate: func(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
				if flags.proxyClientCert != "" && flags.proxyClientKey != "" {
					cert, err := tls.LoadX509KeyPair(flags.proxyClientCert, flags.proxyClientKey)
					if err != nil {
						return nil, err
					}
					return &cert, nil
				}
				return &tls.Certificate{}, nil
				return cert, nil
			},
			InsecureSkipVerify: true,
		},