Our vendored curl only enables the Secure Transport backend by default
(`CURL_SSL_BACKEND=secure-transport`), but it is limited to TLS 1.2.

The macOS SDK provides the curl development components, and the
corresponding `libcurl.4.dylib` runtime library comes with macOS.
On macOS 12 and above, the default `CURL_SSL_BACKEND=openssl`
backend seems to be capable of selecting TLS 1.3 at runtime for
https connections.

Unfortunately the macOS version of curl, even on macOS 14.4, does
not accept `CURL_SSLVERSION_TLSv1_3` at runtime to enforce TLS 1.3.
However, while our vendored curl accepts the option and passes it
to Secure Transport, macOS does not actually enforce it anyway.

Fixes: #25870
Fixes: #23701