globalplatform: stick with openssl 1.0.2

While upstream has patches in tree that support newer versions of
OpenSSL those haven't been released and picking them doesn't seem to be
trivial without risking breakage that I can not test. After talking to
the previous maintainer of the package this also seems like the sanest
approach for the time being.