**Is your feature request related to a problem? Please describe.**

Configuring `ssl_ecdh_curve` via ConfigMap is an option for the Community version of Ingress controller. Security-conscious environments often disable weaker curves like `secp521r1` and enforce `X25519`, `prime256v1`, etc.
Compliance frameworks (e.g., NSA CNSA, PCI DSS, FedRAMP) may require limiting allowed curves for cryptographic agility or NIST alignment.
Without this control, users may unintentionally use curves that are no longer considered strong or performant.
**Describe the solution you'd like**

Have the option to configure it easily in `values.yaml`:

```yaml
config:
  entries:
    http2: "True"
    ssl-protocols: "TLSv1.2 TLSv1.3"
    ssl-ciphers: >
      ECDHE-ECDSA-AES128-GCM-SHA256:
      ECDHE-RSA-AES128-GCM-SHA256:
      ECDHE-ECDSA-AES256-GCM-SHA384:
      ECDHE-RSA-AES256-GCM-SHA384:
      ECDHE-ECDSA-CHACHA20-POLY1305:
      ECDHE-RSA-CHACHA20-POLY1305
    ssl-prefer-server-ciphers: "True"
    ssl-ecdh-curve: "X25519:prime256v1:secp384r1"
```
**Describe alternatives you've considered**

Can be worked around (I assume) via `server-snippets` or custom config, but these methods are not ideal and could easily result in misconfiguration.
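A small pre-deployment check for the `config.entries` block proposed above, added here as an example that is not part of this issue or of the Ingress controller project: it normalises the cipher string the way a YAML folded scalar (`>`) actually delivers it (newlines folded into spaces plus a trailing newline), flags any `ssl-ecdh-curve` entry outside an assumed allow-list, and renders the resulting nginx directives. The `ENTRIES` dict, the `ALLOWED_CURVES` policy and the entry-to-directive mapping are assumptions made for the example.

```python
"""Lint the TLS ConfigMap entries from the feature request before applying them.
Added example; ENTRIES, ALLOWED_CURVES and the directive mapping are assumed."""

# Constructed copy of the issue's `config.entries`. The ssl-ciphers value is
# written as a YAML `>` folded scalar hands it over: spaces between items and
# a trailing newline, which is why it is normalised before use.
ENTRIES = {
    "http2": "True",
    "ssl-protocols": "TLSv1.2 TLSv1.3",
    "ssl-ciphers": ("ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES128-GCM-SHA256: "
                    "ECDHE-ECDSA-AES256-GCM-SHA384: ECDHE-RSA-AES256-GCM-SHA384: "
                    "ECDHE-ECDSA-CHACHA20-POLY1305: ECDHE-RSA-CHACHA20-POLY1305\n"),
    "ssl-prefer-server-ciphers": "True",
    "ssl-ecdh-curve": "X25519:prime256v1:secp384r1",
}

# Curve policy assumed for this example; adjust to the framework you follow.
ALLOWED_CURVES = {"X25519", "prime256v1", "secp384r1"}


def split_list(value):
    """Split an OpenSSL-style list on colons or whitespace, dropping empties."""
    return [item for item in value.replace(":", " ").split() if item]


def normalize_cipher_list(value):
    """Return the cipher string as nginx expects it: colon-separated, trimmed."""
    return ":".join(split_list(value))


def check_ecdh_curves(value, allowed=ALLOWED_CURVES):
    """Return the curves in `value` that are not on the allow-list, in order."""
    return [curve for curve in split_list(value) if curve not in allowed]


def render_nginx(entries):
    """Render the entries as nginx directives (key-to-directive mapping assumed)."""
    on_off = lambda v: "on" if v.strip().lower() == "true" else "off"
    return [
        f"ssl_protocols {entries['ssl-protocols']};",
        f"ssl_ciphers {normalize_cipher_list(entries['ssl-ciphers'])};",
        f"ssl_prefer_server_ciphers {on_off(entries['ssl-prefer-server-ciphers'])};",
        f"ssl_ecdh_curve {':'.join(split_list(entries['ssl-ecdh-curve']))};",
    ]


if __name__ == "__main__":
    print("disallowed curves:", check_ecdh_curves("X25519:secp521r1:prime256v1"))
    print("\n".join(render_nginx(ENTRIES)))
```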