KAFKA-20437: Fix ssl.enabled.protocols dynamic reconfiguration not being applied #22051

Open
kwondh5217 wants to merge 1 commit into apache:trunk from kwondh5217:KAFKA-20437

@kwondh5217
Contributor

ssl.enabled.protocols is documented as a per-broker dynamically reconfigurable config, but it was classified in SslConfigs.NON_RECONFIGURABLE_CONFIGS. Because SslFactory.createNewSslEngineFactory() only
copies keys present in RECONFIGURABLE_CONFIGS into nextConfigs, the new value is silently dropped. DefaultSslEngineFactory.shouldBeRebuilt() then sees no diff and skips rebuilding the engine, leaving the
old protocol set active. As a result, operators who restrict ssl.enabled.protocols to TLSv1.3 via kafka-configs.sh see the change reflected in broker logs but TLSv1.2 connections continue to succeed.

This PR moves ssl.enabled.protocols from NON_RECONFIGURABLE_CONFIGS to RECONFIGURABLE_CONFIGS. With this change, createNewSslEngineFactory() copies the updated value into nextConfigs, shouldBeRebuilt()
detects the diff, and a new SslEngineFactory is instantiated with the restricted protocol set. A regression test is added to SslFactoryTest that configures both TLSv1.2 and TLSv1.3, reconfigures to TLSv1.3
only, and asserts that a newly created SSLEngine no longer advertises TLSv1.2.

…ing applied

Signed-off-by: Daeho Kwon <trewq231@naver.com>
@github-actions bot added the triage (PRs from the community), clients, and small (Small PRs) labels on Apr 14, 2026
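
The drop-then-skip sequence the description walks through, as an added example that is not part of the PR or Kafka's own code. It is a simplified model: `EngineFactory` and `reconfigure` are hypothetical stand-ins for the factory and the copy step, the allowlists are illustrative, and the protocol check uses the JDK's `SSLEngine` (assumes JDK 11 or later).

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.*;

// Simplified model of the reconfiguration path described in the PR; not Kafka source.
public class ReconfigDropDemo {
    static final String PROTOCOLS = "ssl.enabled.protocols";

    // Hypothetical stand-in for an SSL engine factory: holds a config, builds engines from it.
    static final class EngineFactory {
        final Map<String, Object> configs;
        EngineFactory(Map<String, Object> configs) { this.configs = Map.copyOf(configs); }

        // "No diff, no rebuild": the decision that hides a dropped key.
        boolean shouldBeRebuilt(Map<String, Object> next) { return !next.equals(configs); }

        SSLEngine createEngine() throws Exception {
            SSLEngine engine = SSLContext.getDefault().createSSLEngine();
            @SuppressWarnings("unchecked")
            List<String> protocols = (List<String>) configs.get(PROTOCOLS);
            engine.setEnabledProtocols(protocols.toArray(new String[0]));
            return engine;
        }
    }

    // Copies only allowlisted keys from the update, then rebuilds only if something changed.
    static EngineFactory reconfigure(EngineFactory current, Map<String, Object> update,
                                     Set<String> reconfigurable) {
        Map<String, Object> next = new HashMap<>(current.configs);
        for (String key : reconfigurable) {
            if (update.containsKey(key)) next.put(key, update.get(key));
        }
        return current.shouldBeRebuilt(next) ? new EngineFactory(next) : current;
    }

    public static void main(String[] args) throws Exception {
        EngineFactory initial = new EngineFactory(Map.of(PROTOCOLS, List.of("TLSv1.2", "TLSv1.3")));
        Map<String, Object> update = Map.of(PROTOCOLS, List.of("TLSv1.3"));

        // Before the fix: the key is not allowlisted, so the update is silently dropped.
        EngineFactory before = reconfigure(initial, update, Set.of("ssl.keystore.location"));
        // After the fix: the key is allowlisted, the diff is seen, the factory is rebuilt.
        EngineFactory after = reconfigure(initial, update, Set.of("ssl.keystore.location", PROTOCOLS));

        System.out.println("before: rebuilt=" + (before != initial) + " enabled="
                + Arrays.toString(before.createEngine().getEnabledProtocols()));
        System.out.println("after:  rebuilt=" + (after != initial) + " enabled="
                + Arrays.toString(after.createEngine().getEnabledProtocols()));
    }
}
```

In the "before" case the factory is returned unchanged and a fresh engine still lists TLSv1.2, so the enabled protocols on a newly created engine are the thing to check after a restriction, not the config-change log line.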