fix(http/client): prefer CURLOPT_PROTOCOLS_STR over deprecated bitmask constants

[ralflang]

CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS are deprecated at the
libcurl level. When PHP eventually removes the bitmask constants the defined() guards will silently skip protocol restrictions.
This could once become a security issue. It's not an issue right now.
Prefer the string-based constants introduced in PHP 8.3 with fallback to bitmask for older versions.

This is not an urgent fix and I think it's BC

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.21%. Comparing base (fd137b7) to head (5c9a800).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #272      +/-   ##
============================================
+ Coverage     94.19%   94.21%   +0.01%     
- Complexity      262      264       +2     
============================================
  Files            15       15              
  Lines           879      881       +2     
============================================
+ Hits            828      830       +2     
  Misses           51       51              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[phil-davis]

Note: phpstan doesn't know/understand/believe that these 2 constants always go together. So I added the 2nd "defined" so that the code explicitly checks for both existing.

Similar for line 420 below, and for code in ClientTest protocolSettings() method.

It does no harm, and keeps code analysis happy.

[phil-davis]

LGTM. This will be useful for anyone who keeps using the releases that support PHP 7.4 through 8.*.

When we change the PHP support to 8.3+ then this can be refactored again.