Log Message:
nss: update to 3.98.

Changes:

   - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA
     decryption in TLS.
   - Bug 1879513 - Certificate Compression: enabling the check
     that the compression was advertised.
   - Bug 1831552 - Move Windows workers to
     nss-1/b-win2022-alpha.
   - Bug 1879945 - Remove Email trust bit from OISTE WISeKey
     Global Root GC CA.
   - Bug 1877344 - Replace `distutils.spawn.find_executable`
     with `shutil.which` within `mach` in `nss`.
   - Bug 1548723 - Certificate Compression: Updating
     nss_bogo_shim to support Certificate compression.
   - Bug 1548723 - TLS Certificate Compression (RFC 8879)
     Implementation.
   - Bug 1875356 - Add valgrind annotations to freebl kyber
     operations for constant-time execution tests.
   - Bug 1870673 - Set nssckbi version number to 2.66.
   - Bug 1874017 - Add Telekom Security roots.
   - Bug 1873095 - Add D-Trust 2022 S/MIME roots.
   - Bug 1865450 - Remove expired Security Communication RootCA1
     root.
   - Bug 1876179 - move keys to a slot that supports
     concatenation in PK11_ConcatSymKeys.
   - Bug 1876800 - remove unmaintained tls-interop tests.
   - Bug 1874937 - bogo: add support for the -ipv6 and -shim-id
     shim flags.
   - Bug 1874937 - bogo: add support for the -curves shim flag
     and update Kyber expectations.
   - Bug 1874937 - bogo: adjust expectation for a key usage bit
     test.
   - Bug 1757758 - mozpkix: add option to ignore invalid subject
     alternative names.
   - Bug 1841029 - Fix selfserv not stripping `publicname:` from
     -X value.
   - Bug 1876390 - take ownership of ecckilla shims.
   - Bug 1874458 - add valgrind annotations to freebl/ec.c.
   - Bug  864039 - PR_INADDR_ANY needs PR_htonl before
     assignment to inet.ip.
   - Bug 1875965 - Update zlib to 1.3.1.