NTLM: disable if DES support missing from OpenSSL or mbedTLS

Make autotools and cmake detect DES support in OpenSSL and mbedTLS.
Forward feature macros to C and omit NTLM from the feature preview list.
Use the feature macros in source. This ensure that `-V` output matches
the preview.

OpenSSL doesn't support DES when built with `no-des` or `no-deprecated`.
mbedTLS 4.x no longer supports it, and it's possible to disable it in
<4 with `scripts/config.py unset MBEDTLS_DES_C`.

Before this patch this worked for
mbedTLS 4 only, and with a regression for pending PR #16973.

Also:

- drop NTLM feature check from `curl_setup.h` in favour of autotools/
  cmake feature macros. This makes `curl_setup.h` no longer need
  to include an mbedTLS header, which in turn makes tests/server build
  without depending on mbedTLS.
  Fixing, in #16973:
  ```
  In file included from tests/server/first.h:40,
                   from bld/tests/server/servers.c:3:
  lib/curl_setup.h:741:10: fatal error: mbedtls/version.h: No such file or directory
    741 | #include <mbedtls/version.h>
        |          ^~~~~~~~~~~~~~~~~~~
  ```
  Ref: https://github.com/curl/curl/actions/runs/18689537893/job/53291322012?pr=16973
  Ref: #19181 (initial fix idea)
  Follow-up to 3a305831d1 #19077

- move back mbedTLS header include and version check from
  `curl_setup.h` to each source which consumes mbedTLS.

- GHA/http3-linux: drop workaround that disabled NTLM for
  `no-deprecated` OpenSSL builds.
  Follow-up to 006977859d #12384

- curl_ntlm_core: drop pointless macro `CURL_NTLM_NOT_SUPPORTED`.
  Follow-up to 006977859d #12384

Closes #19206

m4/curl-mbedtls.m4

@@ -107,24 +107,11 @@ if test "x$OPT_MBEDTLS" != xno; then
         LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE mbedtls mbedx509 mbedcrypto"
       fi
 
-      mbedtls_4=0
-      AC_MSG_CHECKING([for mbedTLS >= v4])
-      AC_COMPILE_IFELSE([
-        AC_LANG_PROGRAM([[
-          #include <mbedtls/version.h>
-        ]],[[
-          #if (MBEDTLS_VERSION_NUMBER >= 0x04000000)
-          return 0;
-          #else
-          #error older than 4
-          #endif
-        ]])
-      ],[
-        mbedtls_4=1
-        AC_MSG_RESULT([yes])
-      ],[
-        AC_MSG_RESULT([no])
-      ])
+      dnl Check DES support in mbedTLS <4.
+      AC_CHECK_FUNCS(mbedtls_des_crypt_ecb)
+      if test "$ac_cv_func_mbedtls_des_crypt_ecb" = 'yes'; then
+        HAVE_MBEDTLS_DES_CRYPT_ECB=1
+      fi
     fi
 
   fi dnl mbedTLS not disabled

m4/curl-openssl.m4

@@ -340,6 +340,29 @@ if test X"$OPT_OPENSSL" != Xno &&
   AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
 fi
 
+dnl ---
+dnl We check OpenSSL for DES support.
+dnl ---
+if test "$OPENSSL_ENABLED" = "1"; then
+  AC_MSG_CHECKING([for DES support in OpenSSL])
+  AC_LINK_IFELSE([
+    AC_LANG_PROGRAM([[
+      #ifndef OPENSSL_SUPPRESS_DEPRECATED
+      #define OPENSSL_SUPPRESS_DEPRECATED
+      #endif
+      #include <openssl/des.h>
+    ]],[[
+      DES_ecb_encrypt(0, 0, 0, DES_ENCRYPT);
+    ]])
+  ],[
+    AC_MSG_RESULT([yes])
+    AC_DEFINE(HAVE_DES_ECB_ENCRYPT, 1, [if you have the function DES_ecb_encrypt])
+    HAVE_DES_ECB_ENCRYPT=1
+  ],[
+    AC_MSG_RESULT([no])
+  ])
+fi
+
 dnl ---
 dnl We require OpenSSL with SRP support.
 dnl ---