Drop support for TLS 1.0 and 1.1.
This branch drops support for TLS 1.0 and 1.1, which are no longer considered secure and aren't required by modern browsers. The Qualys SSL Server Test won't give an A grade to any site that still supports TLS 1.0 or 1.1.
Some other SSL settings are updated in accordance with Mozilla's recommendations:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
The previous settings were based on Mozilla's "modern" configuration, but the goalposts have moved and modern is now too modern for us (TLS 1.3 is required), so this branch uses the current "intermediate" configuration, which is recommended for servers.