[Feature] Add cipher-suite configuration option #539

@karpoftea

Is your feature request related to a problem? Please describe.
Some default cipher suites may not be recommended by enterprise information security policies. Thus it's better to have an option where I can restrict the number of supported cipher suites.

Describe the solution you'd like
New cipher_suites setting just under the server.https section. cipher_suites is an array of strings, each a cipher name. If cipher_suites is not set, then use the default (current) behaviour; if it is empty or none of the ciphers are supported, then fail at start time because https will not work; if some (but not all) ciphers are not supported, then log a warn message to stdout.

Describe alternatives you've considered
Reverse proxy behind chproxy, but this seems redundant.

Additional context
same:

  1. in nginx: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
  2. in httpd: https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html#ciphersuites
  3. in haproxy: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/security/ssl-tls/client-side-encryption/#set-the-tls-ciphers
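
The resolution rules requested above (unset keeps defaults, empty or fully unsupported fails startup, partially unsupported warns), sketched against Go's standard `crypto/tls` package. This is an added example, not part of the issue and not chproxy code; the function name `resolveCipherSuites` and the sample values are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// resolveCipherSuites is a hypothetical helper (not chproxy code) mapping
// configured cipher_suites names to crypto/tls IDs. nil (setting absent) keeps
// Go's defaults; empty or fully unsupported input is an error so startup
// fails; unsupported names are returned so the caller can log a warning.
func resolveCipherSuites(names []string) (ids []uint16, unsupported []string, err error) {
	if names == nil {
		return nil, nil, nil
	}
	known := make(map[string]uint16)
	for _, s := range tls.CipherSuites() { // omits InsecureCipherSuites()
		known[s.Name] = s.ID
	}
	seen := make(map[uint16]bool)
	for _, n := range names {
		id, ok := known[n]
		if !ok {
			unsupported = append(unsupported, n)
			continue
		}
		if !seen[id] { // drop duplicates, keep configured order
			seen[id] = true
			ids = append(ids, id)
		}
	}
	if len(ids) == 0 {
		return nil, unsupported, fmt.Errorf("cipher_suites: none of %d configured suites is supported", len(names))
	}
	return ids, unsupported, nil
}

func main() {
	cfg := []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"} // constructed sample
	ids, bad, err := resolveCipherSuites(cfg)
	if err != nil {
		panic(err) // fail at start time
	}
	for _, n := range bad {
		fmt.Printf("WARN: cipher suite %q is not supported and is ignored\n", n)
	}
	tlsCfg := &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: ids}
	fmt.Printf("enabled suites: %#04x\n", tlsCfg.CipherSuites)
}
```

In Go, `tls.Config.CipherSuites` only restricts TLS 1.0 to 1.2 negotiation; TLS 1.3 suites are not configurable, so a policy that must constrain them needs a version cap via `MaxVersion` instead.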
