Here's a first version of my PR for issue #21770.
Hopefully the overall approach makes sense. Very much welcome feedback!
A user executing an application on linux that utilizes open ssl libraries cannot make use of quantum-safe encryption algorithms, using OPENSSL_MODULES and OPENSSL_CONF, if that application needs the ability to bind to a port below 1024 by enabling CAP_NET_BIND_SERVICE.