Fix cipher suite selection with GNU TLS (Issue #5145)
Also make sure that client.conf SSLOptions do not override cupsd.conf
SSLOptions, and document the (hopefully obvious) fact that Allow* is less
secure and Deny* is more secure.
- cups/http-private.h: Add "_HTTP_TLS_SET_DEFAULT" flag for options set from
client.conf.
- cups/tls-*.c: Use new flag.
- cups/tls-gnutls.c: Fix CBC cipher suite exclusion logic, and always disable
anonymous DH.
- cups/usersys.c: Pass new flag when calling _httpTLSSetOptions.
- man/*: Update documentation.