Remove OpenSSL 1.0.2 support

[qmuntal]

Supporting OpenSSL 1.0.2 adds a lot of complexity to the code base, mainly because it doesn't provide some of the APIs available in higher versions.

Examples of OpenSSL 1.0.2-only code are:

• https://github.com/golang-fips/openssl/blob/eb155dada337b0de53873aa42e89724ad59aa768/thread_setup_test.go
• https://github.com/golang-fips/openssl/blob/eb155dada337b0de53873aa42e89724ad59aa768/thread_setup_unix.c
• https://github.com/golang-fips/openssl/blob/eb155dada337b0de53873aa42e89724ad59aa768/thread_setup.h
• https://github.com/golang-fips/openssl/blob/eb155dada337b0de53873aa42e89724ad59aa768/thread_setup_windows.c
• https://github.com/golang-fips/openssl/blob/eb155dada337b0de53873aa42e89724ad59aa768/port_dsa.c

I propose to remove support for OpenSSL 1.0.2. Note that this version reached EOL on Dec 2019, that is 5 years ago. AFAIU, the only reason to use such and old version past it's EOL was because it was FIPS 140-2 certified, (with certificate #1747), but all the platform the FIPS module got certified are also past EOL.

Is there any objection to proceed with this proposal? I would like to target Go 1.25.

@derekparker @ueno @dagood @gdams

[simo5]

Kill 1.0.2 support with fire!

[gdams]

+1 from me

[derekparker]

+1

[dbenoit17]

+1

[corhere]

Builds of OpenSSL 1.0.2 with active FIPS 140-2 certificates are still commercially available, e.g. certificate #3273. However, the aforementioned certificate lapses on 2025-10-15, before Go 1.24 will reach EOL, so I have no objections to 1.0.2 support being removed starting with Go 1.25.