mbedtls

Define a policy for what check_config rejects

Open gilles-peskine-arm opened this issue 2 years ago • 0 comments

check_config.h rejects some configurations for various reasons, including:

  • Not rejecting it would lead to some other build failure. Typically, but not only, when A can't even compile without B (e.g. RSA without bignum).
  • The configuration includes useless parts (and might not build anyway, at least due to unused variable warnings). E.g. md without at least one hash.
  • The configuration sets a flag that will be ignored. E.g. MBEDTLS_PKCS1_V21 without MBEDTLS_RSA_C. We aren't consistent with this, e.g. currently you can set MBEDTLS_RSA_NO_CRT without MBEDTLS_RSA_C, and no non-boolean option is checked.
  • Contradictory options. E.g. MBEDTLS_HAVE_INT{32,64}. (But not MBEDTLS_PLATFORM_xxx_ALT vs MBEDTLS_PLATFORM_xxx_MACRO: we actually obey an undocumented precedence order there.)

The goal of this task is:

  • Define a policy that we should follow from now on, and document it at the top of check_config.h. The policy has to be backward-compatible. Note that forbidding more configurations that currently happen to work is not backward-compatible.
  • Estimate how far we are currently deviating from this policy, and define tasks to fix the policy deviations.

gilles-peskine-arm, Sep 19 '22 10:09
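The four rejection categories listed in the issue can be turned into a small audit over a configuration header. The following is an added example, not code from the Mbed TLS project or from the issue author. The rule table, the category names, the partial hash list and the sample header are constructed for illustration; the "rejected today" column records only what the issue text itself states.

```python
import re

# Active "#define MBEDTLS_xxx" lines only; "//#define ..." does not match.
DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(MBEDTLS_\w+)", re.MULTILINE)
# Assumption: a partial list of hash modules, enough for the illustration.
HASHES = {"MBEDTLS_MD5_C", "MBEDTLS_SHA1_C", "MBEDTLS_SHA256_C", "MBEDTLS_SHA512_C"}

def needs(flag, dep):
    """Predicate: flag is enabled but its dependency is not."""
    return lambda cfg: flag in cfg and dep not in cfg

# (category, rejected today per the issue text, message, predicate)
RULES = [
    ("build-failure", True, "MBEDTLS_RSA_C without MBEDTLS_BIGNUM_C",
     needs("MBEDTLS_RSA_C", "MBEDTLS_BIGNUM_C")),
    ("useless-part", True, "MBEDTLS_MD_C without any hash",
     lambda cfg: "MBEDTLS_MD_C" in cfg and not (cfg & HASHES)),
    ("ignored-flag", True, "MBEDTLS_PKCS1_V21 without MBEDTLS_RSA_C",
     needs("MBEDTLS_PKCS1_V21", "MBEDTLS_RSA_C")),
    ("ignored-flag", False, "MBEDTLS_RSA_NO_CRT without MBEDTLS_RSA_C",
     needs("MBEDTLS_RSA_NO_CRT", "MBEDTLS_RSA_C")),
    ("contradictory", True, "MBEDTLS_HAVE_INT32 with MBEDTLS_HAVE_INT64",
     lambda cfg: {"MBEDTLS_HAVE_INT32", "MBEDTLS_HAVE_INT64"} <= cfg),
]

def enabled_options(header_text):
    """Return the set of MBEDTLS_ macros actively defined in the header."""
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.DOTALL)  # drop block comments
    return set(DEFINE_RE.findall(text))

def audit(header_text):
    """List (category, rejected_today, message) for every rule the config trips."""
    cfg = enabled_options(header_text)
    return [(cat, rejected, msg) for cat, rejected, msg, pred in RULES if pred(cfg)]

def deviations(header_text):
    """Findings that the policy categories cover but that are accepted today."""
    return [f for f in audit(header_text) if not f[1]]

# Constructed sample header, not a real project configuration.
SAMPLE_CONFIG = """
#define MBEDTLS_HAVE_INT32
#define MBEDTLS_HAVE_INT64
//#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_RSA_NO_CRT
#define MBEDTLS_MD_C
/* #define MBEDTLS_SHA256_C */
#define MBEDTLS_BIGNUM_C
"""
```

Running `deviations(SAMPLE_CONFIG)` isolates the one finding that falls under a listed category but currently passes, which is the kind of gap the second goal asks to estimate.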