Animals with old SSL may find no build required

If any of your buildfarm members don't get regular system updates, I recommend
checking your SSL setup with "git clone https://git.postgresql.org" and fixing
as appropriate.

https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ now
affects verification of the https://git.postgresql.org server certificate.
The part about "if clients of your API are using OpenSSL, they must use
version 1.1.0 or later" applies to the git https client. Some git builds use
GnuTLS instead of OpenSSL. For Debian 8 git (GnuTLS 3.3.8), it sufficed to
copy ca-bundle.crt from RHEL7 and set GIT_SSL_CAINFO. Debian 7 git uses
GnuTLS 2.12.20-8+deb7u5, which can't even cope with the structure of the new
certificates. Hence, I used GIT_SSL_NO_VERIFY for frogfish. This probably
would have affected https://buildfarm.postgresql.org/cgi-bin/pgstatus.pl
access, too, but I had reverted that one to http:// some time ago.

build-farm.conf.sample defaults to git_ignore_mirror_failure=>1. With that
setting, if a buildfarm member SSL setup breaks, the member will appear to be
functioning, but it will find no changes to test:

Sat Oct 2 04:35:22 2021: buildfarm run for frogfish:REL9_6_STABLE starting
git version 1.7.10.4 too old for automatic default branch update
frogfish:REL9_6_STABLE [04:35:23] checking out source ...
frogfish:REL9_6_STABLE [04:35:58] checking if build run needed ...
frogfish:REL9_6_STABLE [04:35:58] No build required: last status = Fri Sep 24 23:15:14 2021 GMT, current snapshot = Sat Sep 25 14:53:55 2021 GMT, changed files = 0