Make the TLSv1.3 downgrade mechanism a configurable option

Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)