Give configure-time warnings on API mismatch with Openssl headers and libraries
In #33437 (closed), @jsw ran into a usability problem that happens when our configure script finds the openssl headers in one place but finds the libraries in another. Instead of complaining, the script succeeds, but later on compilation fails.
I'd like to improve our openssl detection, but it's a longstanding problem to do that without breaking backward compatibility with existing configure users.
So as a usability measure, let's give a better warning when we find ourselves in this situation, and let's make it hard to overlook.