[FFE] FIPS compatibility patches

We have an open MR with a handful of FIPS compatibilty changes we wore hoping
to get into 24.04. The main purpose of the changes is to detect whether the
kernel is running in FIPS mode and adjust the behavior of the library
accordingly by loading the correct provider backend and using defaults that
are FIPS compliant (no md5, DES etc) instead trying to use non-compliant code
paths and crashing.

The proposed patches were taken from the OpenSSL version shipped in the FIPS
archive at esm.ubuntu.com for 22.04. Having them in the regular archive will
reduce the maintenance work significantly. None of the changes should have any
impact on running OpenSSL in regular (non-fips) mode.

Below is a detailed list of the changes:

- d/p/fips/crypto-Add-kernel-FIPS-mode-detection.patch:
  This adds a new internal API to determine whether the kernel has been booted
  in FIPS mode. This can be overridden with the OPENSSL_FORCE_FIPS_MODE
  environment variable. OPENSSL_FIPS_MODE_SWITCH_PATH can be used to specify an
  alternative path for the fips_enabled file and is used in tests.
  The FIPS_MODULE switch can be used to enable build of the the FIPS provider
  module specific parts which are not needed in the OpenSSL library itself.

- d/p/fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch:
  This automatically configures all library contexts to use the FIPS provider when
  the kernel is booted in FIPS mode by:
  - Setting "fips=yes" as the default property for algorithm fetches
  - Loading and activating the FIPS provider as the fallback provider.

  If applications load providers via a configuration either because the default
  configuration is modified or they override the default configuration, this
  disables loading of the fallback providers. In this case, the configuration
  must load the FIPS provider when FIPS mode is enabled, else algorithm fetches
  will fail

  Applications can choose to use non-FIPS approved algorithms by specifying the
  "-fips" or "fips=no" property for algorithm fetches and loading the default
  provider.

- d/p/fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch:
  Omit unavailable algorithms in FIPS mode

- d/p/fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch
  The -propquery argument might be used to define a preference for which provider
  an algorithm is fetched from. Set the query properties for the library context
  DRBG fetches as well so that they are fetched with the same properties.

- d/p/fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch:
  This test uses 2 library contexts - one context for creating initial test keys,
  and then another context (or the default context) for running tests. There is an
  issue that during the encoding tests, the OSSL_ENCODER_CTX is created from the
  created EVP_PKEYs, which are associated with the library context used to create
  the keys. This means that encoding tests run with the wrong library context,
  which always uses the default provider.

These changes are now included in a larger MR with other changes in the same package version: https://code.launchpad.net/~adrien-n/ubuntu/+source/openssl/+git/openssl/+merge/462486

The now-superseded MR is at https://code.launchpad.net/~tobhe/ubuntu/+source/openssl/+git/openssl/+merge/460953

Since OpenSSL just received another big update to 3.0.13 we had to rebase our changes
and will have to rerun our install/upgrade tests.

A test build is also available at https://launchpad.net/~tobhe/+archive/ubuntu/openssl-test/