feat: add variable to enable or disable TLS 1.3 for iOS app support

[JanMalte]

As the iOS app is currently not supporting TL 1.3, an option to disable TLS 1.3 on the web server would be good.

As the ssl_protocols nginx setting can not be overwritten by later occurences, the default SSL config has to support this.

docker-jitsi-meet/web/rootfs/defaults/ssl.conf

Line 18 in 6596f22

ssl_protocols TLSv1.2 TLSv1.3;

Maybe something like this

# protocols
# Mozilla Guideline v5.6, nginx 1.14.2, OpenSSL 1.1.1d, intermediate configuration, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6
{{ if .Env.DISABLE_TLS_V13 | default "0" | toBool }}
ssl_protocols TLSv1.2;
{{ else }}
ssl_protocols TLSv1.2 TLSv1.3;
{{ end }}
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

More information:

• The iOS mobile app version 24.4.0 cannot handle websockets using TLS v1.3 (only TLS v1.2) jitsi-meet#15044
• Support using TLS 1.3 facebookincubator/SocketRocket#701
• https://gist.github.com/DakuTree/1d809cf213b9bdf8664884fa7b265f48

[saghul]

Is the current default a problem? Won't TLS v1.2 be negotiated?