Look at the supported_versions extension even if the server <TLS1.3

If supported_versions is present it takes precedence.

Reviewed-by: Rich Salz <rsalz@openssl.org>