md5: allow disabling old-style encrypted private keys at build-time

Before this patch, this happened at runtime when using an old (pre-3.0),
FIPS-enabled OpenSSL backend.

This patch makes it possible to disable this via the build-time option
`LIBSSH2_NO_MD5_PEM`.

Also:
- make sure to exclude all MD5 internal APIs when both the above and
  `LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
  and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.

Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
 DEK-Info: AES-128-CBC,<MD5-hex>

 <base64>
 -----END RSA PRIVATE KEY-----
```

E.g.: `tests/key_rsa_encrypted`

Ref: https://github.com/libssh2/www/issues/20
Closes #1181

.github/workflows/ci.yml

@@ -322,7 +322,7 @@ jobs:
       - name: 'make build'
         if: ${{ matrix.build == 'make' }}
         env:
-          CPPFLAGS: -DLIBSSH2_NO_MD5 -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_NO_DSA -DLIBSSH2_NO_AES_CBC -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES
+          CPPFLAGS: -DLIBSSH2_NO_MD5 -DLIBSSH2_NO_MD5_PEM -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_NO_DSA -DLIBSSH2_NO_AES_CBC -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES
           LIBSSH2_CPPFLAGS_LIB: -DLIBSSH2_EXPORTS
           ZLIB_PATH: /${{ matrix.sys }}
           OPENSSL_PATH: /${{ matrix.sys }}