nginx: unoverride secure defaults

Both Alpine and Debian override default nginx ssl_protocols to enable
older TLS versions. Unoverride to return to secure nginx defaults.

roles/nginx/tasks/main.yml

@@ -16,6 +16,13 @@
       - certbot
       - nginx
 
+- name: Don’t enable old TLS versions
+  lineinfile:
+    path: /etc/nginx/nginx.conf
+    regex: '(\s+ssl_protocols\s.*)'
+    backrefs: yes
+    line: '#\1'
+
 - name: Create HTTP server directories
   file:
     path: /srv/http/.well-known