Add enterprise cert selection

v2:-Documentation.md

@@ -59,6 +59,7 @@ Features which are available in Caddy Enterprise are indicated with    🏢
 				- [http.responders.reverse_proxy](#httprespondersreverse_proxy)
 			- [http/servers/errors](#httpserverserrors)
 			- [http/servers/tls_conn_policies](#httpserverstls_conn_policies)
+				- [tls.certificate_selection.enterprise](#tlscertificateselectionenterprise)
 			- [http/servers/auto_https](#httpserversauto_https)
 		- [tls]()
 			- [tls/certificates](#tlscertificates)
@@ -981,7 +982,30 @@ Most users will not need this; it is an advanced configuration feature.
 - `match`: Configures how to match this policy with a TLS ClientHello. If the policy matches, it will be used.
 - `alpn`: The ALPN value(s) to set.
 - `cipher_suites`: The list of cipher suites to support.
-- `certificate_selection`: Configures how to choose a certificate if more than one match the given ServerName (SNI) value.
+- `certificate_selection`: Certificate selection module, which configures how to choose a certificate if more than one match the given ServerName (SNI) value.
+
+##### tls.certificate_selection.enterprise
+
+🏢 _Enterprise_
+
+Provides advanced certificate selection capabilities, when multiple certificates may satisfy a ClientHello's SNI value.
+
+All fields which are specified will be used to match certificates in the cache. If any specified field does not match the certificate, the certificate will not be chosen to complete the handshake.
+
+```json
+{
+	"serial_number": "",
+	"subject_organization": "",
+	"public_key_algorithm": "",
+	"tag": ""
+}
+```
+
+- `serial_number`: The certificate's serial number.
+- `subject_organization`: The X.509 Subject.Organization field.
+- `public_key_algorithm`: The kind of public key the certificate has.
+- `tag`: A tag added to the certificate when it was loaded into the cache. Tags may be added in the load_files or load_pem certificate loaders.
+
 
 #### http/servers/auto_https