IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers

IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers

IPsec is still proposing to use SHA1 and MODP-1536 or MODP-1024
when initiating a connection. These are considered weak although
many off-the-shelf hardware is still using this as defaults.

This patch disables those algorithms and additionally changes
default behaviour to only accept the configured cipher suites.

This might create some interoperability issues, but increases
security of IPFire-to-IPFire IPsec connections.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>