Remove the DHE-RSA key exchange

[gilles-peskine-arm]

Remove the DHE-RSA key exchange.

This completes the removal of finite-field Diffie-Hellman from TLS 1.2. Note that it remains available in TLS 1.3.

• Prerequisites:
  • Remove DHE-PSK key exchange #9684
  • Test cases: Migrate DHE test cases to ECDHE #9688
  • Together with Remove the RSA-decryption key exchange #9682, we're removing the ability to do a non-PSK key exchange that involves ECC. This may need a rethink of how we test handshake attempts when the other side doesn't like the elliptic_curves or ec_point_formats extension.
• Config option: MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
• Key exchange type: MBEDTLS_KEY_EXCHANGE_DHE_RSA
• Affected cipher suite macros regex: MBEDTLS_TLS_DHE_RSA_WITH_\w+
• Full list of cipher suite names:

  TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
  TLS-DHE-RSA-WITH-AES-256-CCM
  TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
  TLS-DHE-RSA-WITH-AES-256-CBC-SHA
  TLS-DHE-RSA-WITH-AES-256-CCM-8
  TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
  TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
  TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
  TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
  TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
  TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
  TLS-DHE-RSA-WITH-AES-128-CCM
  TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  TLS-DHE-RSA-WITH-AES-128-CBC-SHA
  TLS-DHE-RSA-WITH-AES-128-CCM-8
  TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
  TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
  TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
  TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
  TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
  

• Follow-up: Remove FFDH-specific code from compat.sh #9686

Follow the steps in #9681 unless there is a good reason to deviate.