JA4: Remove fictional (and mis-mapped to "s3") SSL 1
SSL 1 was never actually deployed, the design was iterated upon to
become SSL 2 before it was released by Netscape [1] [2] [3] [4].  I
don't think it's public knowledge what the version field for SSL 1 would
have looked like, or if it even was two bytes large or at the same
offset on the wire; given that SSL 2 used 0x0002 it seems more likely to
have been 0x0001 than 0x0100.

Version field 0x0100, that is currently misattributed to SSL 1, was used
by an early pre-RFC4347 implementation of DTLS in OpenSSL before 0.9.8f
[5], when OpenSSL switched to the version field specified by RFC4347.
This use of 0x0100 is also reflected in Wireshark's TLS dissector [4]
(`DTLSV1DOT0_OPENSSL_VERSION`).

For these reasons, it seems to make sense to remove the fictional SSL 1
code entirely.

This also removes an issue where the resulting JA4 string would be "s3"
instead of the intended "s1".

An earlier version of the JA4 spec [6] also mistakenly used 0x0200 for
SSL 2 and 0x0100 for SSL 1.  This was fixed in [7] in August 2024.

[1] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
[2] https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00
[3] https://github.com/openssl/openssl/blob/OpenSSL_0_9_6m/ssl/ssl2.h#L66-L71
[4] https://github.com/wireshark/wireshark/blob/release-4.4/epan/dissectors/packet-tls-utils.h#L266-L277
[5] openssl/openssl@OpenSSL_0_9_8e...OpenSSL_0_9_8f
[6] https://github.com/FoxIO-LLC/ja4/blob/main/technical_details/JA4.md#tls-and-dtls-version
[7] FoxIO-LLC/ja4#150
droe committed Jan 19, 2025
1 parent 1c552c2 commit 080288d
Showing 1 changed file with 0 additions and 5 deletions.
5 changes: 0 additions & 5 deletions src/lib/protocols/tls.c
Expand Up @@ -2098,11 +2098,6 @@ static void ndpi_compute_ja4(struct ndpi_detection_module_struct *ndpi_struct,
ja_str[2] = '2';
break;

case 0x0100: /* SSL 1.0 = “s1” */
ja_str[1] = 's';
ja_str[2] = '3';
break;

case 0xFEFF: /* DTLS 1.0 = “d1” */
ja_str[1] = 'd';
ja_str[2] = '1';
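
Review bot: with `case 0x0100` gone, nothing in the switch records why that value is unhandled, so a one-line comment next to the `case 0xFEFF` DTLS 1.0 branch would help. It could say that 0x0100 is the pre-RFC4347 OpenSSL DTLS version (before 0.9.8f) and is intentionally not mapped, which keeps it from being re-added later as "SSL 1". The switch's default branch is not visible in this hunk, so please confirm that a ClientHello carrying 0x0100 now produces a defined version field in the JA4 string rather than leaving `ja_str[1]` and `ja_str[2]` at their initial values.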