A couple of things we should probably work out up front would be what exactly would be exposed, where and if it should be optional.
I think it should be optional, but I'm not sure if it should be toggled in the http-request node or in the tls config node (this is shared with other nodes, but getting server details may apply to other nodes as well, but the implementation of the certificate retrieval would still have to be in each node).
My suggestion would be to make it purely optional (not configurable). As you said, it would need to be introduced to all nodes that handle a TLS connection.
We could simply add the object to msg.peerCertificate.
With regard to how to get the information at all: I was having success when switching got to use the stream API. This way we get notified on the secureConnect event and can store the certificate data.
I did this a while ago. I used the http request node as a starting point and created a separate node (node-red-contrib-https - npm). Since then, the http request node has evolved. I like the extended features and options the http request node has received.
IMHO it would be simpler to extend the existing node. Especially, since it is only about information that is anyhow available already.
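The secureConnect approach discussed in this thread, as an added example that is not code from the http request node or from node-red-contrib-https. It uses Node's built-in https client instead of got's stream API; `msg.peerCertificate` comes from the thread, while `summarizeCertificate`, `attachPeerCertificate` and `requestWithCertificate` are hypothetical names.

```javascript
// Added example; all function names here are hypothetical.

// Keep only JSON-friendly fields: the raw object also carries Buffers
// (raw, pubkey) that are awkward to pass along in a message.
function summarizeCertificate(cert) {
  const { subject, issuer, subjectaltname, valid_from, valid_to,
          fingerprint256, serialNumber } = cert;
  return { subject, issuer, subjectaltname, valid_from, valid_to,
           fingerprint256, serialNumber };
}

// Attach the server certificate of `req` (an http.ClientRequest) to `msg`.
function attachPeerCertificate(req, msg) {
  req.once('socket', (socket) => {
    if (typeof socket.getPeerCertificate !== 'function') return; // plain HTTP
    const store = () => {
      const cert = socket.getPeerCertificate();
      // null or {} means no certificate is available (yet).
      if (!cert || Object.keys(cert).length === 0) return false;
      msg.peerCertificate = summarizeCertificate(cert);
      return true;
    };
    // A keep-alive agent can hand back a socket whose handshake is already
    // done; 'secureConnect' will not fire again, so try reading it now.
    if (!store()) socket.once('secureConnect', store);
  });
  return msg;
}

// Usage with the built-in https client (performs a real request when called).
async function requestWithCertificate(url) {
  const https = await import('node:https');
  const msg = { url };
  await new Promise((resolve, reject) => {
    const req = https.request(url, (res) => {
      msg.statusCode = res.statusCode;
      res.resume(); // drain the body; only the metadata matters here
      res.on('end', resolve);
    });
    attachPeerCertificate(req, msg);
    req.on('error', reject);
    req.end();
  });
  return msg;
}
```

With the default `rejectUnauthorized` setting the handshake fails before `secureConnect` for an untrusted certificate, so in that case the request errors and `msg.peerCertificate` stays unset.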