Log Message:
nss: Update to 3.59

Changelog:
Notable Changes in NSS 3.59

Exported two existing functions from libnss, CERT_AddCertToListHeadWithData
and CERT_AddCertToListTailWithData

NOTE: NSS will soon require GCC 4.8 or newer. Gyp-based builds will stop
supporting older GCC versions first, followed a few releases later by the
make-based builds. Users of older GCC versions can continue to use the
make-based build system while they upgrade to newer versions of GCC.

Bugs fixed in NSS 3.59

* Bug 1607449 - Lock cert->nssCertificate to prevent a potential data race
* Bug 1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* Bug 1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* Bug 1670835 - Support enabling and disabling signatures via Crypto Policy
* Bug 1672291 - Resolve libpkix OCSP failures on SHA1 self-signed root certs
when SHA1 signatures are disabled.
* Bug 1644209 - Fix broken SelectedCipherSuiteReplacer filter to solve some
test intermittents
* Bug 1672703 - Tolerate the first CCS in TLS 1.3  to fix a regression in our
CVE-2020-25648 fix that broke purple-discord
* Bug 1666891 - Support key wrap/unwrap with RSA-OAEP
* Bug 1667989 - Fix gyp linking on Solaris
* Bug 1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* Bug 1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* Bug 1663091 - Remove unnecessary assertions in the streaming ASN.1 decoder
that affected decoding certain PKCS8 private keys when using NSS debug builds
* Bug 1670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.