Replace upstream "FIPS mode" with more fine-grained TLS hostname verification options

[nightkr]

https://github.com/stackabletech/zookeeper-operator/issues/760 was closed now that FIPS mode is on by default, disabling all ZK-specific TLS verification. That's a pretty blunt tool, so we opened https://github.com/apache/zookeeper/pull/2173 to add a more fine-grained option to control what we need. If that is merged then we should integrate it on our end.

[nightkr]

https://github.com/apache/zookeeper/pull/2173 has now been merged, and will be part of 3.9.4.