Define glibc compatibility policy

[geofft]

Also worth mentioning that RHEL7 isn't entirely dead either, although that happens to use the same overridden truststore path. Just don't drop glibc-level compatibility and we should be golden.

Originally posted by @paveldikov in #858

EL7 is glibc 2.17, which is our current baseline for x86_64 builds in src/validation.rs. We were considering raising it a bit because I think the current recommended manylinux is newer than that. Apparently RHEL 7's EOL is 2029, which is kind of far away. (CentOS 7 is already EOL as of 2024, which corresponds to Red Hat's "end of maintenance" date.)

Let's document a policy. I think if the clever plan in #772 works out, we won't be too sad about having an old minimum requirement, but we probably will want to start building with a sysroot anyway so that our actual build environment is in security support.