Cleanup of default ciphersuite list
* don't offer DHE ciphersuites like Chrome (Firefox is in [progress](https://www.fxsitecompat.com/en-CA/docs/2018/dhe-cipher-suites-are-no-longer-supported-in-webrtc/) of deprecating DHE as well)
* don't offer AES-CBC-SHA2 like Firefox and Chrome
* don't offer AES-GCM for plain RSA like Firefox
* don't offer ECDSA with AES-CBC like Chrome
* don't offer weak DES-CBC3-SHA
* prefer AES256 over AES128 like [Mozilla Modern](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility), Safari and Edge
(The last line of cipher suites would be removed in the future when Servo deprecates TLS 1.0/1.1 and switches to Rustls.)
You can compare Firefox and Chrome with https://www.ssllabs.com/ssltest/viewMyClient.html.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/22243)
<!-- Reviewable:end -->
0fcc9b4ec7
