ncm-metaconfig: Update defaults for SSL protocol and ciphersuite

- based on latest Mozilla intermediate profile,
  see https://ssl-config.mozilla.org
- Generated 2025-07-10, Mozilla Guideline v5.7, Apache 2.4.60,
  OpenSSL 3.4.0, intermediate config:
  https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.4.0&guideline=5.7
- Supports Firefox 27, Android 4.4.2, Chrome 31, Edge,
  IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, Safari 9.

Author: gregcorbett

ncm-metaconfig/src/main/metaconfig/httpd/pan/schema.pan

@@ -267,8 +267,18 @@ type httpd_nss_vhost = {
 type httpd_ssl_vhost = {
     include httpd_ssl_global
     include httpd_ssl_nss_vhost
-    "protocol" : httpd_sslprotocol[] = list("TLSv1")
-    "ciphersuite" : httpd_ciphersuite[] = list("TLSv1")
+    "protocol" : httpd_sslprotocol[] = list("-all", "+TLSv1.2", "+TLSv1.3")
+    "ciphersuite" : httpd_ciphersuite[] = list(
+        "ECDHE-ECDSA-AES128-GCM-SHA256",
+        "ECDHE-RSA-AES128-GCM-SHA256",
+        "ECDHE-ECDSA-AES256-GCM-SHA384",
+        "ECDHE-RSA-AES256-GCM-SHA384",
+        "ECDHE-ECDSA-CHACHA20-POLY1305",
+        "ECDHE-RSA-CHACHA20-POLY1305",
+        "DHE-RSA-AES128-GCM-SHA256",
+        "DHE-RSA-AES256-GCM-SHA384",
+        "DHE-RSA-CHACHA20-POLY1305"
+    )
     "honorcipherorder" ? string with match(SELF, '^(on|off)$')
     "compression" ? boolean
     "sessiontickets" ? boolean