Log Message:
nss: Update to 3.60

Changelog:
Notable changes in NSS 3.60: 
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been
added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation.
See bug 1654332 for more information. 
* December 2020 batch of Root CA changes, builtins library updated to version
2.46. See bugs 1678189, 1678166, and 1670769 for more information.

Bugs fixed in NSS 3.60:
 * Bug 1654332 - Implement Encrypted Client Hello (draft-ietf-tls-esni-08).
 * Bug 1678189 - Update CA list version to 2.46.
 * Bug 1670769 - Remove 10 GeoTrust, thawte, and VeriSign root certs from NSS.
 * Bug 1678166 - Add NAVER Global Root Certification Authority root cert to
NSS.
 * Bug 1678384 - Add a build flag to allow building nssckbi-testlib in
mozilla-central.
 * Bug 1570539 - Remove -X alt-server-hello option from tstclnt.
 * Bug 1675523 - Fix incorrect pkcs11t.h value CKR_PUBLIC_KEY_INVALID.
 * Bug 1642174 - Fix PowerPC ABI version 1 build failure.
 * Bug 1674819 - Fix undefined shift in fuzzer mode.
 * Bug 1678990 - Fix ARM crypto extensions detection on macOS.
 * Bug 1679290 - Fix lock order inversion and potential deadlock with
libnsspem.
 * Bug 1680400 - Fix memory leak in PK11_UnwrapPrivKey.