fetchers: drop support for ancient OpenSSL We now require 1.1.1 or later (and, preferably, 3.x). Also take the opportunity to add support for LibreSSL 3.5.0 or later (we still support ancient versions of this because 3.5.0 is still relatively modern -- give it a few more years and support for old LibreSSL can go, too)