
SSL Test Integration for FIPS #1503

Open
DimensionWieldr wants to merge 2 commits into Altinity:releases/25.3.8-fips from DimensionWieldr:releases/25.3.8-fips-ssl

@DimensionWieldr
Collaborator

Changelog category (leave one):

  • Testing/Packaging Improvement

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

  • The AWS-LC SSL test runner can be run against the ClickHouse FIPS binary.
  • The musl-based posix_spawn in the glibc-compat layer never applied file actions (close/dup2/open/chdir). The child process now runs the full file-actions list before exec, so split-handshake tests work when the shim spawns the handshaker.
  • Added clickhouse-ssl-shim and clickhouse-ssl-handshaker as modes of the main binary (same pattern as other tools). They wrap the unmodified AWS-LC shim/handshaker logic and are built only when FIPS_CLICKHOUSE=ON and AWSLC_SRC_DIR is set.

CI/CD Options

Exclude tests:

  • Fast test
  • Integration Tests
  • Stateless tests
  • Stateful tests
  • Performance tests
  • All with ASAN
  • All with TSAN
  • All with MSAN
  • All with UBSAN
  • All with Coverage
  • All with Aarch64
  • All Regression
  • Disable CI Cache

Regression jobs to run:

  • Fast suites (mostly <1h)
  • Aggregate Functions (2h)
  • Alter (1.5h)
  • Benchmark (30m)
  • ClickHouse Keeper (1h)
  • Iceberg (2h)
  • LDAP (1h)
  • Parquet (1.5h)
  • RBAC (1.5h)
  • SSL Server (1h)
  • S3 (2h)
  • Tiered Storage (2h)
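
A regression check for the `posix_spawn` behaviour described in the changelog entry above, added here as an illustration and not taken from this PR: the parent registers `dup2` and `close` file actions, and the check passes only if the child's output arrives through the pipe. The function name `spawn_file_actions_applied` is hypothetical, and the example assumes `/bin/sh` exists on the test host.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Returns 1 if the child wrote through the dup2'ed pipe (file actions ran),
 * 0 if the file actions were ignored, -1 on setup failure. */
int spawn_file_actions_applied(void)
{
    int p[2];
    if (pipe(p) != 0) return -1;

    posix_spawn_file_actions_t fa;
    if (posix_spawn_file_actions_init(&fa) != 0) {
        close(p[0]); close(p[1]);
        return -1;
    }
    /* In the child, before exec: stdout -> pipe write end, then drop both
     * inherited pipe descriptors so only fd 1 refers to the pipe. */
    int bad = posix_spawn_file_actions_adddup2(&fa, p[1], STDOUT_FILENO)
           || posix_spawn_file_actions_addclose(&fa, p[0])
           || posix_spawn_file_actions_addclose(&fa, p[1]);

    char *argv[] = { "sh", "-c", "printf marker", NULL };
    pid_t pid = -1;
    int rc = bad ? -1 : posix_spawn(&pid, "/bin/sh", &fa, NULL, argv, environ);
    posix_spawn_file_actions_destroy(&fa);
    close(p[1]);                 /* parent keeps only the read end */
    if (rc != 0) { close(p[0]); return -1; }

    /* If the actions were skipped, the child writes to the parent's stdout
     * and this read sees EOF once the child exits. */
    char buf[32] = {0};
    ssize_t n = read(p[0], buf, sizeof buf - 1);
    close(p[0]);
    waitpid(pid, NULL, 0);
    return n == 6 && strcmp(buf, "marker") == 0;
}

int main(void)
{
    int r = spawn_file_actions_applied();
    puts(r == 1 ? "file actions applied" : r == 0 ? "file actions IGNORED" : "setup error");
    return r == 1 ? 0 : 1;
}
```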

Made-with: Cursor
Signed-off-by: Julian Huang <jhuang@altinity.com>
Signed-off-by: Julian Huang <jhuang@altinity.com>
@DimensionWieldr DimensionWieldr force-pushed the releases/25.3.8-fips-ssl branch from b1703f1 to f4233e2 on March 10, 2026 21:08
Collaborator

@zvonand zvonand left a comment

Why do we have two identical glibc_compat.c files? Can it be moved into one place?
