[chore][VERSIONING.md] Changing protocol support for security is allowed

[mx-psi]

Description

We have recently discussed bumping the minimum TLS version to follow security best practices. Since we are about to stabilize configtls (see #10344), I raised the question of whether this would be a breaking change that should be done before 1.0.

I argue that we should be allowed to do this after 1.0 because:

• The Go 1 version compatibility doc states

Security. A security issue in the specification or implementation may come to light whose resolution requires breaking compatibility. We reserve the right to address such security issues.

• The Go team has made similar changes in the past for Go as a whole

While this is not a security issue but a security best practice, the golang/go issue seems to indicate that changes like this would be in the spirit of the Go 1 version compatibility promise.