mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00

MDEV-14091 Support password protected SSL key in server.

Add ssl_passphrase server parameter, which works similarly
to --passout/--passin openssl command line parameters.

Pass phrase value can be formatted as follows.

- pass:password
Provide actual password after the pass: prefix.

- env:var
Obtain the password from the environment variable 'var'.

- file:pathname
Reads the password from the specified file pathname.
Only the first line, up to the newline character, is read from the stream.

If ssl_passphrase was set, SHOW VARIABLE will show "file:", "env:" or
  "pass:" (but won't reveal sensitive data)
Vladislav Vaintroub
2025-02-17 14:50:01 +01:00
parent 173b16f3bc
commit 86ec20189a
19 changed files with 365 additions and 10 deletions
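
The three ssl_passphrase forms from the commit message, sketched as an added example; this is not MariaDB's implementation and not code from this commit. The function names `resolve_passphrase` and `display_passphrase` are hypothetical, and rejecting an empty or over-long first line is an assumption of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: resolve "pass:", "env:" or "file:" into buf; 0 on success, -1 on error. */
int resolve_passphrase(const char *spec, char *buf, size_t len)
{
  const char *val = NULL;
  if (!spec || !buf || len == 0) return -1;
  if (strncmp(spec, "pass:", 5) == 0)
    val = spec + 5;                       /* literal password after the prefix */
  else if (strncmp(spec, "env:", 4) == 0)
    val = getenv(spec + 4);               /* NULL when the variable is unset */
  else if (strncmp(spec, "file:", 5) == 0)
  {
    FILE *f = fopen(spec + 5, "r");
    if (!f) return -1;
    /* Assumption: an empty file or a first line that does not fit is an error. */
    int ok = fgets(buf, (int) len, f) != NULL &&
             (strchr(buf, '\n') != NULL || feof(f));
    fclose(f);
    if (!ok) return -1;
    buf[strcspn(buf, "\n")] = '\0';       /* only the first line, up to the newline */
    return 0;
  }
  if (!val || strlen(val) >= len) return -1;
  strcpy(buf, val);
  return 0;
}

/* Value safe to display: the prefix only, never the secret, variable name or path. */
const char *display_passphrase(const char *spec)
{
  static const char *const prefixes[] = { "pass:", "env:", "file:" };
  size_t i;
  if (!spec) return "";
  for (i = 0; i < sizeof prefixes / sizeof prefixes[0]; i++)
    if (strncmp(spec, prefixes[i], strlen(prefixes[i])) == 0)
      return prefixes[i];
  return "";
}

int main(void)
{
  char buf[128];
  const char *spec = "pass:MySecretPass"; /* constructed sample value */
  printf("%d %s\n", resolve_passphrase(spec, buf, sizeof buf), display_passphrase(spec));
  return 0;
}
```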


@@ -24,6 +24,9 @@ openssl req -x509 -newkey rsa:4096 -keyout cakey.pem -out cacert.pem -days 7300
openssl req -newkey rsa:4096 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/CN=localhost/C=FI/ST=state or province within country, in other certificates in this file it is the same as L/L=location, usually an address but often ambiguously used/OU=organizational unit name, a division name within an organization/O=organization name, typically a company name'
# convert the key to yassl compatible format
openssl rsa -in server-key.pem -out server-key.pem
# also create a password-protected server key
echo MySecretPass > encrypted-server-key-password.txt
openssl rsa -aes256 -in server-key.pem -out encrypted-server-key.pem -passout file:encrypted-server-key-password.txt
# sign the server certificate with CA certificate
openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -in demoCA/server-req.pem
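
Review bot: the comment added above `echo MySecretPass > encrypted-server-key-password.txt` does not say that this passphrase and `encrypted-server-key.pem` are test-only fixtures, and the password file is written in plaintext with whatever permissions the shell's umask gives it. Please extend the comment to state that both files exist only for the test suite, so nobody copies these steps for a real key. It is also worth noting there that `echo` appends a newline, which is harmless here because the `file:` form reads only the first line up to the newline, and that the unencrypted `server-key.pem` used as input stays on disk next to the encrypted copy.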