Downgrade OpenSSL version to 1.1.1

Stan Hu requested to merge sh-downgrade-openssl-17-3 into 17-3-stable

What does this MR do and why?

This backports !7871 (merged) to 17-3-stable.

This reverts the changes in !7797 (merged) because this breaks LDAP and other client integrations that don't support TLS 1.2: https://github.com/openssl/openssl/issues/13299#issuecomment-722124937

TLS 1.0 and 1.1 are supported by OpenSSL 3 if SSLContext#security_level= is set to 0, but as far as I can tell there's no simple way to ensure that this is enabled by default right now. So until we do this properly or have a proper deprecation process for TLS 1.1 and 1.0, we probably need to stay on OpenSSL 1.1.1.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
  • The original MR has been deployed to GitLab.com (not applicable for documentation or spec changes).
  • This MR has a severity label assigned (if applicable).

Note to the merge request author and maintainer

The process of backporting bug fixes into stable branches is tracked as part of an internal pilot. If you have questions about this process, please:

Edited by Robert Marshall
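
The description notes that OpenSSL 3 still accepts TLS 1.0 and 1.1 when `SSLContext#security_level=` is 0. The sketch below is an added example, not code from this MR or from GitLab: it scopes that downgrade to an explicit allowlist instead of making it the default. The host names, the `LEGACY_TLS_HOSTS` constant and both function names are hypothetical.

```ruby
require "openssl"

# Hypothetical allowlist of peers known to speak only TLS 1.0/1.1
# (constructed host name, not taken from the MR).
LEGACY_TLS_HOSTS = ["ldap-legacy.example.internal"].freeze

# Build a client context for +host+. Only allowlisted hosts get the
# OpenSSL 3 downgrade (security level 0 plus a TLS 1.0 floor); every
# other host keeps the library's default security level and a TLS 1.2
# floor. Certificate verification stays on in both cases.
def tls_context_for(host, legacy_hosts: LEGACY_TLS_HOSTS)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)

  if legacy_hosts.include?(host.downcase)
    # Lower the level first, then widen the protocol range.
    ctx.security_level = 0
    ctx.min_version = OpenSSL::SSL::TLS1_VERSION
  else
    ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  end
  ctx
end

# Return the hosts from +hosts+ that would run with security level 0,
# so the downgraded set can be reviewed or logged.
def downgraded_hosts(hosts, legacy_hosts: LEGACY_TLS_HOSTS)
  hosts.select do |h|
    tls_context_for(h, legacy_hosts: legacy_hosts).security_level.zero?
  end
end
```
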
