crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake.

crypto/tls: advertise support for RSA+SHA1 in TLS 1.2 handshake.

Despite SHA256 support being required for TLS 1.2 handshakes, some
servers are aborting handshakes that don't offer SHA1 support.

This change adds support for signing TLS 1.2 ServerKeyExchange messages
with SHA1. It does not add support for signing TLS 1.2 client
certificates with SHA1 as that would require the handshake to be
buffered.

Fixes #6618.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/15650043