This commit updates updates the TLS settings to the intermediate
settings from the Mozilla SSL Configuration Generator [1]

session tickets are disabled, since the timeout is increased and
renegotiating a session should be cheap enough. TLSv1 and TLSv1.1 are
disabled and TLSv1.3 is enabled and more modern ciphers are chosen.

Sections for dh_params and HSTS are added were missing and HSTS times
are bumped to two years instead of one.

http2 support is added to gitlab-ssl, since it is already present and
enabled in omnibus.

[1] https://ssl-config.mozilla.org/

Changelog: changed