Driver-only hashes: TLS 1.2: `ssl-opt.sh`

[mpg]

This is a follow-up to #6128. After having TLS 1.2 build and test_suite_ssl pass in a build with driver-only hashes, we want the rest of the TLS 1.2 tests to pass; this task is about ssl-opt.sh.

• [ ] Add a new function requires_hash_alg that takes as argument a string like SHA-256, SHA-384, etc and sets SKIP_NEXT or not depending on whether the hash is available; for example SHA-256 is available if (!USE_PSA && SHA256_C) || (USE_PSA && PSA_WANT_ALG_SHA_256). This should be done with a series of invocations of query_compile_time_config and the result should be cached (see other similar functions). (Note: this is very similar to the MBEDTLS_HAS_xxx_VIA_MD_OR_PSA_BASED_ON_USE_PSA macros from library/legacy_or_psa.h; however this header is internal, so query_compile_time_config does not (and should not) allow queries about it.)
• [ ] Go over the dependencies declarations on MBEDTLS_SHAxxx_C in tests/ssl-opt.sh and replace them with uses of the above function. (Note: 36 occurrences today.)
• [ ] Run ssl-opt.sh in configuration similar to all.sh's component_test_psa_crypto_config_accel_hash_use_psa, but without drivers and all hashes provided in software (so, essentially the default config minus things like PKCS5, PKCS12, etc.), and fix any failure that my arise - most likely undeclared dependencies (for example when loading password-protected keys).
• [ ] Add a run of ssl-opt.sh at the end of all.sh's component_test_psa_crypto_config_accel_hash_use_psa.
• [ ] Fix any failures that may arise.
• [ ] Ensure coverage parity (between runs before and after this PR, and between the above all.sh component and a similar config with software hashes). This could be done by comparing the output of the script from the all.sh component of interest with a similar build, or by using the outcome files - see docs/architecture/psa-migration/outcome-analysis.sh which could be extended to cover ssl-opt.sh.

Depends on: #6128, #6131