Provider compat CI is broken because of X25519/X448 having fips=no on master

[t8m]

The two broken jobs here: https://github.com/openssl/openssl/actions/runs/8802704031/job/24159479487 and https://github.com/openssl/openssl/actions/runs/8802704031/job/24159478903 are failing because they run libcrypto/libssl tests from 3.1 and 3.0 branches against the master branch version of the fips provider.

Of course that does not work well because on these branches there are testcases that expect the X25519 and X448 having fips=yes property and being advertised by the fips provider among the groups capability.

Furthermore in the provider compat CI we do not run any tests against the 3.2 an 3.3 branches, which would have the same problem.

[nhorman]

need to make the tests conditional on fips=yes

[paulidale]

The compatibility test needs to have additional versions added manually (in two places) and this will multiply quadratically with time based releases. Something for WG to discuss limiting somehow. This updating should be added to the release checklist since it has been missed twice in a row.

Any fix has to work for older branches and releases. I.e. code changes are difficult anywhere except master and impossible for the FIPS providers.

The evp_test tests include a FIPS version field to allow them to be conditional and we've backported changes to this in the past & this is the solution for such failures. Other test failures are more difficult. We've made failure to fetch be not an error in places I believe.