modules: mbedtls: remove the default enabling of features

In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).

Configurations are adjusted to enable what they need.

Bonuses:

- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).

- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Tomi Fontanilles 2024-05-08 16:34:31 +03:00 committed by Maureen Helm
commit c1342b3aa9
17 changed files with 70 additions and 34 deletions

@ -79,10 +79,11 @@ Boards
Modules
*******
MbedTLS
=======
Mbed TLS
========
* The hash algorithms SHA-384, SHA-512, MD5 and SHA-1 are not enabled by default anymore.
* TLS 1.2, RSA, AES, DES, and all the hash algorithms except SHA-256
(SHA-224, SHA-384, SHA-512, MD5 and SHA-1) are not enabled by default anymore.
Their respective Kconfig options now need to be explicitly enabled to be able to use them.
* The Kconfig options previously named `CONFIG_MBEDTLS_MAC_*_ENABLED` have been renamed.
The `_MAC` and `_ENABLED` parts have been removed from their names.
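Review bot: The rewritten bullet under the Mbed TLS heading is missing the AES table change that the commit message describes (`CONFIG_MBEDTLS_AES_ROM_TABLES` no longer default-enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaulting to y). Anyone who re-enables AES after migrating gets a different size/speed trade-off than before, so it deserves a sentence in this note. Separately, "Their respective Kconfig options" leaves readers to look the names up; consider naming each option with the :kconfig:option: role, as the MCUmgr entry does, so a configuration that relied on the old defaults for TLS 1.2, RSA, AES or DES can be fixed from this note alone.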
@ -560,10 +561,10 @@ MCUmgr
======
* The support for SHA-256 (when using checksum/hash functions), previously provided
by either TinyCrypt or MbedTLS, is now provided by either PSA or MbedTLS.
by either TinyCrypt or Mbed TLS, is now provided by either PSA or Mbed TLS.
PSA is the recommended API going forward, however, if it is not already enabled
(:kconfig:option:`CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT`) and you have tight code size
constraints, you may be able to save 1.3 KB by using MbedTLS instead.
constraints, you may be able to save 1.3 KB by using Mbed TLS instead.
Modem
=====
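Review bot: The two changed lines in the MCUmgr entry only respell "MbedTLS" as "Mbed TLS", which is unrelated to removing default-enabled features and is not mentioned in the commit message. Consider moving the spelling cleanup, together with the section heading rename in the previous hunk, into its own commit so this one stays limited to the behavior change, or add a line to the commit message noting it.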