[Core] Use a FIPS BoringSSL build

[JoshKarpel]

Why are these changes needed?

We would like to run Ray with Ray's built-in TLS support for its gRPC channels https://docs.ray.io/en/latest/cluster/kubernetes/user-guides/tls.html with FIPS 140-3 support. It looks like the critical component here is BoringSSL, which is Google's fork of OpenSSL that is used for TLS in gRPC.

Since Ray statically links BoringSSL into the build, we need to change what version of BoringSSL is linked into Ray at build time to achieve this. It looks like the way to do this is to select a FIPS-compliant release of BoringSSL to pull into the Bazel build. I've left comments in the config about which build I chose and why.

Related issue number

Checks

• I've signed off every commit(by using the -s flag, i.e., git commit -s) in this PR.
• I've run scripts/format.sh to lint the changes in this PR.
• I've included any doc changes needed for https://docs.ray.io/en/master/.
  • I've added any new APIs to the API Reference. For example, if I added a
    method in Tune, I've added it in doc/source/tune/api/ under the
    corresponding .rst file.
• I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
• Testing Strategy
  • Unit tests
  • Release tests
  • This PR is not tested :(