Test disabling feature flags in CI

[goatgoose]

Problem:

Currently, the CI jobs compile s2n-tls normally in order to run unit tests, which results in feature flags being enabled based on the capability of the CI instances. This leads to cases where some code paths aren't tested due to them being disabled when a feature flag is enabled.

For example, when the S2N_CPUID_AVAILABLE feature is enabled, using urandom for mixing entropy may be disabled (see https://github.com/aws/s2n-tls/issues/4366).

We should add test coverage for cases where feature flags are disabled.

Solution:

We should implement a way to run unit tests in CI after disabling feature flags that were actually enabled during normal feature probing. However, this won't work in the other direction since the CI instance must actually support a feature flag in order to enable it.