Add feature to disable support for SSLv2 formatted client hellos

[jmayclin]

Problem:

For server's running in modern contexts, we should allow them to disable SSLv2 Client Hello support to comply with the RFC Recommendations.

Implementations MUST NOT send an SSL version 2.0 compatible CLIENT-HELLO. Implementations MUST NOT negotiate TLS 1.3 or later using an SSL version 2.0 compatible CLIENT-HELLO. Implementations are NOT RECOMMENDED to accept an SSL version 2.0 compatible CLIENT-HELLO in order to negotiate older versions of TLS.
https://www.rfc-editor.org/rfc/rfc8446#appendix-D.5

Solution:

Security policies that have a minimum TLS version of 1.3 should reject SSLv2 formatted client hellos.

Requirements / Acceptance Criteria:

A client attempting to use an SSLv2 client hello with the new behavior must fail.

[jmayclin]

Perhaps this is already our behavior? I'll try and do a bit more investigation on this.
Update:
When attempting to use TLS 1.3 with an SSLv2 client hello, s2n_client_hello_recv did fail, but with a nonspecific

Error Message: 'Cipher is not supported'

It would be nice to add an actual assertion here with a nice Duvet comment referencing the RFC.