chore(nix): switch to nixpkgs libressl #5467

Merged
dougch merged 5 commits into aws:main from dougch:nix_libressl
Aug 25, 2025

@dougch dougch commented Aug 14, 2025

Release Summary:

Resolved issues:

N/A

Description of changes:

We're currently building LibreSSL 3.6.1 from an old source tarball. This version was released in 2022. Since nixpkgs builds LibreSSL, this PR switches to using the upstream (version 4.x) and simplifies our nix setup.

This also adds a unit test.

 % nix develop .#libressl
Setting up libressl environment from flake.nix...
nix/shell.sh: Entering a devShell
Libcrypto binary /nix/store/4f3ym237jqxcrld66vhfnsh0bjkp2n9b-openssl-1.0.2/bin/openssl available as openssl102
Libcrypto binary /nix/store/2c8cbb1dz21jbgnvgdr3j6qmy8scfay7-openssl-1.1.1/bin/openssl available as openssl111
Libcrypto binary /nix/store/9igixz75ng2hvhg9x551dlkiy37gj0x1-openssl-3.0.7/bin/openssl available as openssl30
Libcrypto binary /nix/store/k9mlwq9f436jbq6sd6mzxkd7vms0jd5b-aws-lc/bin/bssl available as awslc
Libcrypto binary /nix/store/sm35za7zh6z22ibswdfc8z2a0kk7dcj8-aws-lc-fips-2022/bin/bssl available as awslcfips2022
Libcrypto binary /nix/store/hcqgjy9ni2ga7iwvr6vv1vnxw6q2lwxx-aws-lc-fips-2024/bin/bssl available as awslcfips2024
Libcrypto binary /nix/store/0w7ih5v7yiinm6h9rgdsa7f82v3h6fhz-libressl-4.0.0-bin/bin/openssl available as libressl
(nix:nix-shell-env) [nix libressl] dougch@kronk:~/gitrepos/s2n-tls$ libressl version
LibreSSL 4.0.0

% clean;configure;build
...
[nix libressl] dougch@kronk:~/gitrepos/s2n-tls$ ldd ./build/lib/libs2n.so
        linux-vdso.so.1 (0x0000fffff7ffe000)
        libcrypto.so.55 => /nix/store/z1lazn2z4a1givdlvmdrg1bhl1va9lv7-libressl-4.0.0/lib/libcrypto.so.55 (0x0000fffff7c20000)
        libdl.so.2 => /nix/store/1i8majcp529x3c54gindgs92aqi4d59y-glibc-2.40-66/lib/libdl.so.2 (0x0000fffff7bf0000)
        librt.so.1 => /nix/store/1i8majcp529x3c54gindgs92aqi4d59y-glibc-2.40-66/lib/librt.so.1 (0x0000fffff7bc0000)
        libm.so.6 => /nix/store/1i8majcp529x3c54gindgs92aqi4d59y-glibc-2.40-66/lib/libm.so.6 (0x0000fffff7b10000)
        libc.so.6 => /nix/store/1i8majcp529x3c54gindgs92aqi4d59y-glibc-2.40-66/lib/libc.so.6 (0x0000fffff7940000)
        /nix/store/1i8majcp529x3c54gindgs92aqi4d59y-glibc-2.40-66/lib/ld-linux-aarch64.so.1 (0x0000fffff7fb0000)
        libpthread.so.0 => /nix/store/1i8majcp529x3c54gindgs92aqi4d59y-glibc-2.40-66/lib/libpthread.so.0 (0x0000fffff7910000)

Call-outs:

Because the LibreSSL binaries aren't used in every integration test run, we only use it in the devShell where we're building against it (nix develop .#libressl)

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? CI

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
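
The `ldd` check shown in the description can be scripted so that a build step fails when `libs2n.so` resolves libcrypto from anywhere other than the expected nixpkgs LibreSSL package. This is an added example, not code from the PR or from s2n-tls; the helper names `libcrypto_path` and `check_libcrypto` are hypothetical, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example (not from the PR): assert which libcrypto a build resolves to.
# Real use: ldd ./build/lib/libs2n.so | check_libcrypto "libressl-4."

# Print the path that libcrypto resolves to in `ldd` output read from stdin.
libcrypto_path() {
    awk '$1 ~ /^libcrypto\.so/ && $2 == "=>" { print $3; exit }'
}

# check_libcrypto PREFIX (hypothetical helper): succeed only when libcrypto comes
# from a /nix/store package whose name starts with PREFIX.
check_libcrypto() {
    want=$1
    lib=$(libcrypto_path)
    case "$lib" in
        ""|not) echo "FAIL: libcrypto not resolved" >&2; return 2 ;;
        /nix/store/*) ;;
        *) echo "FAIL: libcrypto outside /nix/store: $lib" >&2; return 3 ;;
    esac
    pkg=${lib#/nix/store/}   # <hash>-<name>/lib/...
    pkg=${pkg%%/*}           # <hash>-<name>
    pkg=${pkg#*-}            # <name>, e.g. libressl-4.0.0
    case "$pkg" in
        "$want"*) echo "OK: $pkg" ;;
        *) echo "FAIL: linked against $pkg, expected $want*" >&2; return 1 ;;
    esac
}

# The libcrypto line from the ldd output in the PR description.
SAMPLE_PR='        libcrypto.so.55 => /nix/store/z1lazn2z4a1givdlvmdrg1bhl1va9lv7-libressl-4.0.0/lib/libcrypto.so.55 (0x0000fffff7c20000)'
# Constructed lines: placeholder store hash and soname, a system path, an unresolved library.
SAMPLE_STALE='        libcrypto.so.50 => /nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-libressl-3.6.1/lib/libcrypto.so.50 (0x0)'
SAMPLE_SYSTEM='        libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x0)'
SAMPLE_MISSING='        libcrypto.so.55 => not found'

for s in "$SAMPLE_PR" "$SAMPLE_STALE" "$SAMPLE_SYSTEM" "$SAMPLE_MISSING"; do
    printf '%s\n' "$s" | check_libcrypto "libressl-4." || echo "exit status $?"
done
```

The distinct exit codes (1 wrong package, 2 unresolved, 3 outside the store) let a CI job report why the linkage check failed.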

@github-actions github-actions bot added the s2n-core team label Aug 14, 2025
@dougch dougch marked this pull request as ready for review August 14, 2025 22:18
@dougch dougch added the type/nix related to nix label Aug 14, 2025
@dougch dougch requested a review from jouho August 15, 2025 00:26
@dougch dougch enabled auto-merge August 25, 2025 18:42
@dougch dougch added this pull request to the merge queue Aug 25, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Aug 25, 2025
@dougch dougch added this pull request to the merge queue Aug 25, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Aug 25, 2025
@dougch dougch added this pull request to the merge queue Aug 25, 2025
Merged via the queue into aws:main with commit 6709979 Aug 25, 2025
49 checks passed
@dougch dougch deleted the nix_libressl branch August 25, 2025 23:07