CentOS 8: make TLS 1.0/1.1 available using LEGACY security policies

CentOS 8 has disabled by default the TLS 1.0/1.1 support, breaking
backward compatibility with existing Gerrit setups.

Enable by default the LEGACY security policies so that they can be
kept for compatibility with earlier versions.

If unwanted, derived Dockerfiles can still set them back to
DEFAULT.

Bug: Issue 12859
Change-Id: I0e411c13025d91fd0028a26b47abcbe048d8c93d
diff --git a/centos/8/Dockerfile b/centos/8/Dockerfile
index 803f61d..e5d0af6 100644
--- a/centos/8/Dockerfile
+++ b/centos/8/Dockerfile
@@ -15,6 +15,9 @@
     rm -f /var/gerrit/etc/{ssh,secure}* && rm -Rf /var/gerrit/{static,index,logs,data,index,cache,git,db,tmp}/* && chown -R gerrit:gerrit /var/gerrit && \
     yum -y clean all
 
+# Enable LEGACY security policies by default (for TLS 1.0/1.1 compatibility)
+RUN update-crypto-policies --set LEGACY
+
 USER gerrit
 
 ENV CANONICAL_WEB_URL=