dird: allow to disable TLS-PSK downgrades

[alaaeddineelamri]

Thank you for contributing to the Bareos Project!

Description

This PR disables TLS-PSK downgrades and allows to manually enable them in the configuration.

Please check

• Short description and the purpose of this PR is present above this paragraph
• Your name is present in the AUTHORS file (optional)

If you have any questions or problems, please give a comment in the PR.

Helpful documentation and best practices

• Git Workflow
• Automatic Sourcecode Formatting
• Check your commit messages

Checklist for the reviewer of the PR (will be processed by the Bareos team)

Make sure you check/merge the PR using devtools/pr-tool to have some simple automated checks run and a proper changelog record added.

General

• Is the PR title usable as CHANGELOG entry?
• Purpose of the PR is understood
• Commit descriptions are understandable and well formatted
• Check backport line

Source code quality

• Source code changes are understandable
• Variable and function names are meaningful
• Code comments are correct (logically and spelling)
• Required documentation changes are present and part of the PR

Tests

• Decision taken that a test is required (if not, then remove this paragraph)
• The choice of the type of test (unit test or systemtest) is reasonable
• Testname matches exactly what is being tested
• On a fail, output of the test leads quickly to the origin of the fault

[arogge]

I'm not sure that I'm happy with that naming.
Maybe it is worth investigating how TLS Require = yes would behave in that context. I think setting TLS Require = yes should not allow a downgrade to cleartext.

[arogge]

Looks good to me.
We should probably have a follow-up PR that changes the default for TLS Required to yes.