2.27.0.0-b115

@anmalysh-yb anmalysh-yb tagged this 16 May 23:07
Summary:
See https://yugabyte.slack.com/archives/C02AL0YGD37/p1745253211441579?thread_ts=1742894930.694429&cid=C02AL0YGD37 for more details.

This basically allows running YBA in FIPS compliant mode with -Dorg.bouncycastle.fips.approved_only=true system property.
It replaces regular BouncyCastle providers with BC FIPS providers + makes sure we have only BC FIPS providers + Sun provider (for secure random entropy impl) in FIPS approved mode.
It also removes PEM keystore implementation, as we don't actually use that + PEM keystore is not supported in FIPS compliant mode.
YBA truststore format for new YBA installations is changed to BCFKS. In case YBA already has PKCS12 truststore - it continues to use that. To migrate an existing system to FIPS compliant mode we will have to convert truststore.
Also, it changes hashing algorithm for user passwords and API keys to PBKDF2 HMAC SHA256. We continue to support BCrypt for existing users, though. To make a system FIPS compliant we'll have to implement migration for these as well - users will have to change passwords and re-generate API keys.

Test Plan:
Tested YBA locally with the following settings

```
-Dorg.bouncycastle.fips.approved_only=true
-Dhttp.port=disabled
-Dhttps.port=9000
-Dhttps.keyStore=/Users/amalysh86/certs1/localhost.bcfks
-Dhttps.keyStoreType=BCFKS
-Dhttps.keyStorePassword=global-truststore-password
-Dhttps.keyStoreAlgorithm=PKIX
```

Also tested with

```
-Dorg.bouncycastle.fips.approved_only=true
and PEM keystore for HTTPS
```

Tested operations with YBA truststore.

Reviewers: anijhawan, nbhatia, nsingh, dshubin

Reviewed By: nsingh

Differential Revision: https://phorge.dev.yugabyte.com/D43451