mbedTLS: Update to new LTS v3.6.0

Keep module compatibility with mbedtls 2.x (old LTS branch).

A patch has been added to allow compiling after removing all the `psa_*`
files from the library folder (will look into upstreaming it).

Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires
some module changes, and to enable PSA crypto (new "standard" API
specification), so it might be best done in a separate commit/PR.

thirdparty/mbedtls/include/godot_module_mbedtls_config.h

@@ -41,18 +41,34 @@
 #else
 
 // Include default mbedTLS config.
-#include <mbedtls/config.h>
+#include <mbedtls/mbedtls_config.h>
 
 // Disable weak cryptography.
 #undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 #undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#undef MBEDTLS_SSL_CBC_RECORD_SPLITTING
-#undef MBEDTLS_SSL_PROTO_TLS1
-#undef MBEDTLS_SSL_PROTO_TLS1_1
-#undef MBEDTLS_ARC4_C
 #undef MBEDTLS_DES_C
 #undef MBEDTLS_DHM_C
 
+#ifndef __linux__
+// ARMv8 hardware AES operations. Detection only possible on linux.
+#undef MBEDTLS_AESCE_C
+#endif
+
+// Disable deprecated
+#define MBEDTLS_DEPRECATED_REMOVED
+
+// mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires some mobule
+// changes, and to enable PSA crypto (new "standard" API specification).
+// Disable it for now.
+#undef MBEDTLS_SSL_PROTO_TLS1_3
+
+// Disable PSA Crypto.
+#undef MBEDTLS_PSA_CRYPTO_CONFIG
+#undef MBEDTLS_PSA_CRYPTO_C
+#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
+#undef MBEDTLS_PSA_ITS_FILE_C
+#undef MBEDTLS_LMS_C
+
 #endif // GODOT_MBEDTLS_INCLUDE_H
 
 #endif // GODOT_MODULE_MBEDTLS_CONFIG_H