This change adds the WITH{_OUT}_OPENSSL_{FIPS,LEGACY}_PROVIDER build
knobs to control whether or not the fips and legacy providers should be
built and installed with the FreeBSD version of OpenSSL.

The fips provider distributed with the FreeBSD base version of OpenSSL
isn't guaranteed to be FIPS 140-* validated, so give consumers of
FreeBSD's base system version of OpenSSL the option of not
building/installing an unvalidated FIPS provider. The legacy provider on
the other hand, does provide some value, except in scenarios where
consumers of FreeBSD want to burn all legacy provider provided
algorithms for "security reasons" by not supporting deprecated
algorithms.