☂ Migrate off deprecated OpenSSL APIs and drop OPENSSL_API_COMPAT #13348

Description

@bryancall

Apache Traffic Server builds and runs against OpenSSL 3.x today, but on OpenSSL 3.0 and newer the build sets OPENSSL_API_COMPAT=10002 (see CMakeLists.txt), which exposes the OpenSSL 1.0.2 API surface and lets deprecated calls keep compiling. That is a stopgap: it hides our remaining use of APIs that OpenSSL has deprecated and intends to remove. Looking ahead to OpenSSL 3.6 and later, we should migrate off these deprecated APIs and drop the compatibility shim so we stay buildable as they are removed.

Goal: remove all deprecated OpenSSL API usage and build cleanly without OPENSSL_API_COMPAT (ideally with OPENSSL_NO_DEPRECATED) on OpenSSL 3.x.

Tasks:

  • Diffie-Hellman parameter helpers and ENGINE-based private key loading in src/iocore/net/SSLUtils.cc - Remove remaining deprecated OpenSSL 3.0 APIs in SSLUtils.cc (DH and ENGINE) #13347
  • Add a CI build (or a documented local build) without OPENSSL_API_COMPAT, or with OPENSSL_NO_DEPRECATED, to surface every remaining deprecation warning across core and plugins
  • Triage and fix the surfaced deprecations, tracking per-area sub-issues here
  • Drop OPENSSL_API_COMPAT=10002 from CMakeLists.txt once the tree builds clean
  • Confirm the test suite passes on the targeted OpenSSL 3.x release

Context: this is the forward-looking successor to the older umbrella #7341 (now closed), which tracked initial OpenSSL 3.0 compatibility. ATS already builds and passes CI on OpenSSL 3.0.8 and 3.5.6; the work here is to remove the deprecated-API reliance entirely rather than mask it with the compatibility define.
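
One way to approach the triage task listed above, as an added example that is not part of the issue or the ATS tree: a Python script that groups `-Wdeprecated-declarations` warnings from a build log into per-area buckets. The log lines, line numbers, the `plugins/example_plugin` and `src/proxy/Example.cc` paths, and all helper names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of compiler output (not a real ATS build log).
# Line numbers and the plugin path are placeholders.
SAMPLE_LOG = """\
src/iocore/net/SSLUtils.cc:101:20: warning: 'DH* DH_new()' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
src/iocore/net/SSLUtils.cc:101:20: warning: 'DH* DH_new()' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
src/iocore/net/SSLUtils.cc:202:33: warning: 'EVP_PKEY* ENGINE_load_private_key(ENGINE*, const char*, UI_METHOD*, void*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
plugins/example_plugin/example.cc:42:9: warning: 'int SHA256_Init(SHA256_CTX*)' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
src/proxy/Example.cc:7:3: warning: unused variable 'x' [-Wunused-variable]
"""

# Matches GCC and Clang deprecation warnings; other warnings are ignored.
WARN_RE = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):(?:\d+:)? warning: "
    r"'(?P<decl>.+)' is deprecated.*\[-Wdeprecated-declarations\]"
)

def symbol_of(decl):
    """GCC prints a full C++ signature, Clang only the name; return the bare name."""
    m = re.search(r"(\w+)\s*\(", decl)
    return m.group(1) if m else decl.strip()

def area_of(path, depth=3):
    """Directory of the file, cut to `depth` components, used as the sub-issue bucket."""
    return "/".join(path.split("/")[:-1][:depth]) or "."

def triage(log_text):
    """Return {area: {symbol: number of distinct call sites}}."""
    sites = set()  # de-duplicates warnings repeated across translation units
    for line in log_text.splitlines():
        m = WARN_RE.match(line.strip())
        if m:
            sites.add((m["file"], int(m["line"]), symbol_of(m["decl"])))
    report = defaultdict(lambda: defaultdict(int))
    for path, _line, sym in sites:
        report[area_of(path)][sym] += 1
    return {area: dict(syms) for area, syms in report.items()}

if __name__ == "__main__":
    for area, symbols in sorted(triage(SAMPLE_LOG).items()):
        print(area)
        for sym, n in sorted(symbols.items()):
            print(f"  {sym}: {n} site(s)")
```

An empty result from a full build log is the signal that the compatibility define can be dropped.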
