crypto/tls: advertise and accept rsa_pss_rsae signature algorithms

crypto/x509 already supports PSS signatures (with rsaEncryption OID),
and crypto/tls support was added in CL 79736. Advertise support for the
algorithms and accept them as a peer.

Note that this is about PSS signatures from regular RSA public keys.
RSA-PSS only public keys (with RSASSA-PSS OID) are supported in neither
crypto/tls nor crypto/x509. See RFC 8446, Section 4.2.3.

testdata/Server-TLSv12-ClientAuthRequested* got modified because the
CertificateRequest carries the supported signature algorithms.

The net/smtp tests changed because 512-bit keys are too small for PSS.

Based on Peter Wu's CL 79738, who did all the actual work in CL 79736.

Updates #9671

Change-Id: I4a31e9c6e152ff4c50a5c8a274edd610d5fff231
Reviewed-on: https://go-review.googlesource.com/c/146258
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Filippo Valsorda 2018-10-31 12:14:51 -04:00
parent 7f5dce08ad
commit ee7e443389
13 changed files with 798 additions and 155 deletions

@ -68,17 +68,17 @@ func testOpenSSLVersion() {
}
version := string(output)
if strings.HasPrefix(version, "OpenSSL 1.1.0") {
if strings.HasPrefix(version, "OpenSSL 1.1.1") {
return
}
println("***********************************************")
println("")
println("You need to build OpenSSL 1.1.0 from source in order")
println("You need to build OpenSSL 1.1.1 from source in order")
println("to update the test data.")
println("")
println("Configure it with:")
println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method -static linux-x86_64")
println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method")
println("and then add the apps/ directory at the front of your PATH.")
println("***********************************************")
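Review bot: the new Configure line in the printed instructions drops both `-static` and the `linux-x86_64` target, while the next line still only tells the user to put apps/ at the front of PATH. Without `-static`, the openssl binary in apps/ will normally depend on the shared libssl and libcrypto from the build tree, so the message should either keep `-static` or say how to make the binary find those libraries when it is run from apps/. It is also worth confirming that `./Configure` with no target argument works on 1.1.1; if it does not, the printed command should name the target or use `./config` with the same options.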