Commit

Test for conformance to NIST SP 800-52
This commit adds a --nist switch (and a corresponding NIST environment variable). If the switch is used, then testssl.sh will perform some checks for conformance to NIST Special Publication 800-52 Revision 2. For example, ratings of cipher suites will be based on whether they are permitted by SP 800-52. In addition, when cipher suites that offer forward secrecy are offered, ratings for the ephemeral elliptic curves and/or finite field groups offered are based on conformance to SP 800-56A Revision 3 (and in particular Appendix D of that document).
dcooper16 committed Nov 27, 2024
1 parent 701c606 commit 5222ec1
Showing 4 changed files with 594 additions and 133 deletions.
2 changes: 2 additions & 0 deletions doc/testssl.1
Expand Up @@ -113,6 +113,8 @@ A typical internal conversion to testssl\.sh file format from nmap's grep(p)able
\fB\-\-phone\-out\fR Checking for revoked certificates via CRL and OCSP is not done per default\. This switch instructs testssl\.sh to query external \-\- in a sense of the current run \-\- URIs\. By using this switch you acknowledge that the check might have privacy issues, a download of several megabytes (CRL file) may happen and there may be network connectivity problems while contacting the endpoint which testssl\.sh doesn't handle\. PHONE_OUT is the environment variable for this which needs to be set to true if you want this\.
.P
\fB\-\-add\-ca <CAfile>\fR enables you to add your own CA(s) in PEM format for trust chain checks\. \fBCAfile\fR can be a directory containing files with a \.pem extension, a single file or multiple files as a comma separated list of root CAs\. Internally they will be added during runtime to all CA stores\. This is (only) useful for internal hosts whose certificates are issued by internal CAs\. Alternatively ADDTL_CA_FILES is the environment variable for this\.
.P
\fB\-\-nist\fR indicates that testing should check for conformance to the recommendations of the U\.S\. National Institute of Standards and Technology (NIST), including NIST Special Publication (SP) 800-53 Revision 2 and SP 800-56A Revision 3\. This switch will affect, for example, the ratings that are applied to cipher suites\. NIST is the environment variable for this which needs to be set to true if you want this\.
.SS "SINGLE CHECK OPTIONS"
Any single check switch supplied as an argument prevents testssl\.sh from doing a default run\. It just takes this and if supplied other options and runs them \- in the order they would also appear in the default run\.
.P
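Review bot: the new `\fB\-\-nist\fR` entry cites "NIST Special Publication (SP) 800-53 Revision 2", but the commit title and message say the checks are for SP 800-52 Revision 2 (the TLS selection and configuration guideline); SP 800-53 is the security and privacy controls catalog, so this should read `SP 800-52 Revision 2`. It would also help readers to state, as the commit message does, that for forward-secrecy cipher suites the ratings of ephemeral elliptic curves and finite field groups follow SP 800-56A Revision 3 (Appendix D), so the man page says which ratings the switch actually changes.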
2 changes: 2 additions & 0 deletions doc/testssl.1.html

2 changes: 2 additions & 0 deletions doc/testssl.1.md
Expand Up @@ -153,6 +153,8 @@ The same can be achieved by setting the environment variable `WARNINGS`.

`--add-ca <CAfile>` enables you to add your own CA(s) in PEM format for trust chain checks. `CAfile` can be a directory containing files with a \.pem extension, a single file or multiple files as a comma separated list of root CAs. Internally they will be added during runtime to all CA stores. This is (only) useful for internal hosts whose certificates are issued by internal CAs. Alternatively ADDTL_CA_FILES is the environment variable for this.

`--nist` indicates that testing should check for conformance to the recommendations of the U.S. National Institute of Standards and Technology (NIST), including NIST Special Publication (SP) 800-53 Revision 2 and SP 800-56A Revision 3. This switch will affect, for example, the ratings that are applied to cipher suites. NIST is the environment variable for this which needs to be set to true if you want this.


### SINGLE CHECK OPTIONS

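Review bot: the markdown entry carries the same number mix-up as doc/testssl.1: it says `SP 800-53 Revision 2` where the commit describes SP 800-52 Revision 2, so fix it here as well so the roff, markdown and generated HTML versions stay in sync (doc/testssl.1.html is listed as changed but not rendered on this page, so re-check it after regenerating from the corrected source).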

0 comments on commit 5222ec1
