Migrate DHE test cases to ECDHE

[gilles-peskine-arm]

There are a few TLS 1.2 test cases where we're currently using a DHE key exchange, but we could indifferently use ECDHE. Since we are removing DHE, we need to migrate those test cases to ECDHE.

Remove the other test cases that force a DHE key exchange.

Definition of done:

• Correctness: we don't lose test coverage, except specifically around DHE.
• Completeness: there are no test cases in test_suite_ssl or ssl-opt that force DHE.

This applies to development only. But we may want to backport the new test cases as additional tests in 3.6 for a minor but very cheap coverage improvement.

To clarify the scope:

• A test case that uses DHE because its objective is to test DHE should be removed.
• A test case that uses DHE, for which there is another test case that's identical except for using ECDHE, should be removed.
• A test case that uses DHE, but could do without it, and has no equivalent non-DHE test case, should be adapted.

The test cases that should be adapted, analyzed on 467edcd:

• test_suite_ssl
  • resize_buffers_renegotiate_mfl: we're testing ECDHE-RSA with GCM, and DHE-RSA with CBC. I think there's no particular reason for that and in 4.0 we should just change thee DHE test cases to ECDHE.
• ssl-opt.sh
  • "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1"
  • ""Opaque keys for server authentication: EC + RSA, force DHE-RSA" ? Not sure if other test cases reach the same path
  • "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, DHE-RSA: OK"
  • "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (hard)"
  • "keyUsage cli 1.2: KeyEncipherment, DHE-RSA: fail (soft)"
  • "keyUsage cli 1.2: DigitalSignature, DHE-RSA: OK"

[ronald-cron-arm]

Done by #9916