MFH: r516218

security/openvpn[-mbedtls] upstream update to OpenVPN 2.4.8

This upstream release integrated two FreeBSD patches by Kyle Evans and me,
which are herewith dropped from the port.

Upstream release banner
"This is primarily a maintenance release with minor bugfixes and improvements."

High-level changes:
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-248

Manually filtered FreeBSD-related excerpt from Git log: v2.4.7..v2.4.8:

• mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() [Antonio Quartulli]
• openssl: Fix compilation without deprecated OpenSSL 1.1 APIs [Rosen Penev]
• Force combinationation of --socks-proxy and --proto UDP to use IPv4. [Gert Doering]
• Ignore --pull-filter for --mode server [Richard Bonhomme]
• Fix typo in NTLM proxy debug message [Mykola Baibuz]
• tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. [Kyle Evans]
• Handle PSS padding in cryptoapicert [Selva Nair]
• Fix regression, reinstate LibreSSL support. [Matthias Andree]
• Increase listen() backlog queue to 32 [Gert Doering]
• Wrong FILETYPE in .rc files [Gisle Vanem]
• Do not set pkcs11-helper 'safe fork mode' [Hilko Bengen]
• man: correct the description of --capath and --crl-verify regarding CRLs [Michal Soltys]
• Fix various compiler warnings [Lev Stipakov]
• build: Package missing mock_msg.h [David Sommerseth]
• cmocka: use relative paths [Steffan Karger]
• docs: Update INSTALL [David Sommerseth]
• Better error message when script fails due to script-security setting [Selva Nair]
• Fix documentation of tls-verify script argument [Thomas Quinot]

Detailed changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8

Build tests in poudriere and in a live system succeeded on:
11.2-RELEASE 1102000 arm64.aarch64
11.2-RELEASE 1102000 mips.mips64
11.2-RELEASE-p14 i386
11.3-RELEASE-p3 amd64
12.0-RELEASE-p10 i386
12.0-RELEASE-p6 amd64
12.0-RELEASE-p10 amd64 (live)

Approved by: ports-secteam@ (joneum@)