`ring` license requires more precautions than others
The `ring` crate's LICENSE incorporates BoringSSL's license, which incorporates the old[^1] OpenSSL license, which includes the old 4-clause BSD-style "advertising clause". We use `ring` as an optional dependency: we only need it when `rustls` is enabled.
```
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
```
That gives us three possible burdens:
1. We need to conform with the advertising clause.
2. We might want to warn others that enabling the `rustls` feature may give them obligations.
3. We should try to make sure that `ring` never becomes a required dependency, or else we will be GPL-incompatible, which we do not want.
It would be good if we had some way to automatically check that 3 is maintained, either in check_licenses or elsewhere.
[^1]: OpenSSL has since relicensed under Apache-2.0, but that doesn't necessarily help BoringSSL and/or ring unless they confirm that all of the code they copied is code that got relicensed.
Edited by Nick Mathewson
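
One way to automate the check for burden 3, as an added example that is not part of the original issue or of the project's `check_licenses` script: walk the resolve graph from `cargo metadata` and fail if `ring` is reachable from a workspace member through non-dev dependencies. It assumes the metadata was generated with `--no-default-features` (so `rustls` is off); the crate names `example-app`, `example-tls` and `example-testkit`, the `id:` package ids and the sample graph are constructed.

```python
import json
import sys
from collections import deque

def required_path(metadata, banned="ring", skip_kinds=("dev",)):
    """Shortest dependency chain from a workspace member to `banned`, or None.
    `metadata` is parsed `cargo metadata --format-version 1` output, assumed to
    be generated with --no-default-features so the graph is the rustls-free build."""
    names = {p["id"]: p["name"] for p in metadata["packages"]}
    edges = {
        node["id"]: [
            dep["pkg"] for dep in node["deps"]
            # Keep the edge if any of its kinds is not skipped (None = normal).
            if any(k["kind"] not in skip_kinds for k in dep["dep_kinds"])
        ]
        for node in metadata["resolve"]["nodes"]
    }
    seen = set(metadata["workspace_members"])
    queue = deque([member] for member in seen)
    while queue:
        path = queue.popleft()
        if names[path[-1]] == banned:
            return [names[pkg] for pkg in path]
        for nxt in edges.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def sample(with_rustls):
    """Constructed metadata; every crate name except rustls/ring is hypothetical."""
    graph = {
        "example-app": [("example-tls", None), ("example-testkit", "dev")],
        "example-tls": [("rustls", None)] if with_rustls else [],
        "example-testkit": [("ring", None)],  # reachable only via a dev-dependency
        "rustls": [("ring", None)],
        "ring": [],
    }
    nodes = [{"id": f"id:{n}", "deps": [
        {"name": d, "pkg": f"id:{d}", "dep_kinds": [{"kind": k, "target": None}]}
        for d, k in deps]} for n, deps in graph.items()]
    return {"packages": [{"id": f"id:{n}", "name": n} for n in graph],
            "workspace_members": ["id:example-app"], "resolve": {"nodes": nodes}}

if __name__ == "__main__":
    meta = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else sample(True)
    chain = required_path(meta)
    print("ring is required via: " + " -> ".join(chain) if chain else "ring not required")
    sys.exit(1 if chain else 0)
```

Run against a saved metadata file passed as the first argument, the script exits non-zero and prints the offending chain when `ring` has become a required dependency.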