Comparing changes

base repository: rustls/rustls-openssl-compat
base: v/0.2.0
...
head repository: rustls/rustls-openssl-compat
compare: v/0.2.1
  • 20 commits
  • 16 files changed
  • 1 contributor

Commits on Jun 18, 2024

  1. 5b164a7
  2. 5e56646
  3. docs: regenerate MATRIX.md

    cpu committed Jun 18, 2024
    cca1d0a

Commits on Jun 25, 2024

  1. start implementing SSL_CONF_* APIs

    This commit introduces the scaffolding for the `SSL_CONF_*` APIs that
    were previously stubbed. All of the API fns with the exception of
    `SSL_CONF_cmd_argv` are now implemented as of this commit.
    
    Note: we do not yet support the vast majority of possible `SSL_CONF_cmd`
    options. To start, only `MinProtocol` and `MaxProtocol` are supported.
    Additional commands will be supported in subsequent commits.
    cpu committed Jun 25, 2024
    be004dd
  2. ci: add ubuntu-24.04 to CI

    * Replace `ubuntu-latest` with `ubuntu-22.04` - we expect that soon that
      tag will point at 24.04 and we want to keep testing w/ 22.04
      explicitly
    * Add `ubuntu-24.04` - in the future, once the switch mentioned above
      has happened, we can replace this with `ubuntu-latest` once more.
    * Add a helper to `tests/runner.rs` for checking the Nginx version. We
      use this to conditionally skip the TLS session resumption nginx tests
      when running on 24.04 with Nginx 1.24+ - there's an outstanding issue
      where resumption doesn't work with this nginx version.
    cpu committed Jun 25, 2024
    38e4c44
  3. tests: add nginx 1.24 specific tests

    We want to test the `ssl_conf_command` directive, but this is only
    available in nginx 1.24+.
    
    This commit adds a 1.24 specific config file and updates the test runner
    so we can spin up and test a nginx 1.24 server with this config when
    available.
    
    For now we test the `MinProtocol` and `MaxProtocol` OpenSSL CONF_CTX
    commands that the compat shim supports.
    cpu committed Jun 25, 2024
    ff3c6e5

Commits on Jun 26, 2024

  1. 5358d7a
  2. build: add SSL_CONF_CTX_clear_flags entrypoint

    We define a `_SSL_CONF_CTX_clear_flags` entrypoint, but weren't using it
    prior to this commit.
    cpu committed Jun 26, 2024
    d8b0ccd
  3. implement SSL_get_verify_mode

    We already implemented `SSL_CTX_get_verify_mode` and had all the pieces
    lying around for the `SSL` equiv. Implementing this for `SSL` objects
    will make writing a unit test for a piece of the `SSL_CONF_` API easier.
    cpu committed Jun 26, 2024
    e2df099
  4. conf: implement VerifyMode command

    An nginx integration test is blocked on implementing
    `SSL_CTX_set_verify`.
    cpu committed Jun 26, 2024
    7cf7898
  5. 36a50bc
  6. 180f6a9
  7. conf: add a TODO for some future commands

    Most of these will require implementing more logic elsewhere before we
    can add a supported command.
    cpu committed Jun 26, 2024
    1241d51

Commits on Jun 27, 2024

  1. disable nginx session tickets for resumption test

    With Nginx 1.24.0 we saw a regression in the runner `nginx` test when
    checking that session resumption worked as expected with a `curl`
    client. This commit fixes the issue by disabling `ssl_session_tickets`
    for the server config using `ssl_session_cache shared:...` (port 8446).
    
    Since Nginx 1.23.2, the `shared` session cache has done double duty,
    also managing generating, storing, and updating TLS session ticket keys.
    This is done primarily with the OpenSSL
    `SSL_CTX_set_tlsext_ticket_key_cb`/`SSL_CTX_set_tlsext_ticket_key_evp_cb`
    APIs, which we don't yet support. We're also not setting a ticketer for
    the Rustls `ServerConfig` we construct.
    
    The net result is that when using our compat shim with Nginx 1.23.2+ we
    need to explicitly disable session ticket support in order for the
    `shared` session cache to work the way we expect for classic sessions.
    cpu committed Jun 27, 2024
    2ac5c77
  2. lib: configure ticketer by default

    Unless `SSL_OP_NO_TICKET` has been set in the `raw_options` we should
    configure a ticketer in the `ServerConfig` constructed by
    `Ssl::init_server_conn`.
    
    The nginx test server configurations are updated to all disable session
    tickets. For the no resumption case, this is what we want explicitly.
    For the existing resumption tests this is necessary to test the stateful
    session resumption. A new configuration that enables session tickets is
    added to test that resumption method. The `nginx` runner test is updated
    to test this new configuration works as expected w/ a `curl` client.
    cpu committed Jun 27, 2024
    3289e21
  3. implement SSL_*_(get|set)_num_tickets

    Some simple coverage is added to `server.c`.
    cpu committed Jun 27, 2024
    d737b63
  4. conf: implement -no_ticket cmd

    cpu committed Jun 27, 2024
    a8ebfc5
  5. 0f68342
  6. stub set tls ext ticket callbacks

    The `SSL_CTX_set_tlsext_ticket_key_cb` and
    `SSL_CTX_set_tlsext_ticket_key_evp_cb` API functions can be used to set
    up callbacks for managing TLS session tickets. Implementing this
    properly will be challenging as they take `EVP_CIPHER_CTX` and
    `EVP_MAC_CTX` arguments and expect the caller to do a lot of the
    heavy-lifting.
    
    For now let's stub it and see how far we can get by just opaquely
    handling TLS session tickets internal to Rustls w/ our own ticketer.
    cpu committed Jun 27, 2024
    de4eb6e

Commits on Jun 28, 2024

  1. Cargo: version 0.2.0 -> 0.2.1

    cpu committed Jun 28, 2024
    c114451