Add test case for Fedora/RHEL SSL handling

[geofft]

We should add a regression test for the thing fixed in #1013.

There's actually two angles here. One is that we can test the specific configuration:

$ cat badconf
config_diagnostics = 1
openssl_conf = openssl_init
[openssl_init]
rh-allow-sha1-signatures = true
$ OPENSSL_CONF=badconf uvx python -c 'import ssl; ssl.create_default_context()'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
    import ssl; ssl.create_default_context()
                ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/home/ubuntu/.local/share/uv/python/cpython-3.14.3-linux-x86_64-gnu/lib/python3.14/ssl.py", line 698, in create_default_context
    context = SSLContext(PROTOCOL_TLS_CLIENT)
  File "/home/ubuntu/.local/share/uv/python/cpython-3.14.3-linux-x86_64-gnu/lib/python3.14/ssl.py", line 438, in __new__
    self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: [CONF: UNKNOWN_MODULE_NAME] unknown module name (_ssl.c:3187)

The other is that we should probably test on an actual Fedora or RHEL UBI image in case they add other options like this in the future. And for that matter it's probably worth running similar smoke tests on all the major distributions in container images.