Improve TLS Group Capabilities #660
Description
We currently report all algorithms we know about when tls group capabilities are queried.
It might be better to query the token and report only groups we can actually operate from the token, but this is tricky when the token is not yet initialized.
Besides it does not look like OpenSSL really care for this unless we are offering algorithms that the default provider does not support, so it may matter only in cases like when OpenSSL is in FIPS mode and drops non-approved algorithms, and somehow we still want to offer them via a pkcs#11 token.