[VL] Link openssl dynamicly for FIPS

[FelixYBW]

Description

In some use cases we need to enable FIPS for openssl and use certain version of system installed libcrypto. It's related to security requirement. Let's add the exception of openssl for static link.

[FelixYBW]

more details of FIPS can be found here:
https://access.redhat.com/compliance/fips
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/switching-rhel-to-fips-mode_security-hardening#federal-information-processing-standards-140-and-fips-mode_switching-rhel-to-fips-mode

[PHILO-HE]

@FelixYBW, can static link still be used for openssl if required openssl & libcrypto version are installed by vcpkg?

[FelixYBW]

No, it's said the libcrypto.so is certified. vcpkg does have FIPS enabled option but looks it's not enough. To avoid any potential issue related to security, the safe way is to use system's libcrypto.so always.

So we need to add an option to remove libssl from vcpkg, use system installed one instead. Is it easy?

[PHILO-HE]

@FelixYBW, it seems a bit complex to handle it. Openssl is also introduced as a transitive dependency. I note grpc, folly and aws-sdk-cpp are depending on it. If we want to use shared openssl thoroughly, we may have to also remove these libs from vcpkg since static openssl lib is linked to these libs in vcpkg.