botan
PQC: ML-DSA
Adds the initial public draft of FIPS 204 (ML-DSA-IPD) to the existing Dilithium code. This PR prepares to bring the final specification into Botan as fast as possible. Since it is based on the refactored version of Kyber/Dilithium, it replaces #4062. (I did not base the changes on the old PR since the new dilithium code base is too different)
This PR is a draft since we do not want to publish the IPD instances in Botan. An implementation that wants to experiment with the IPD instances may work with this PR for now.
@atreiber94 I added you as a co-author since I copied half of your code from #4062.
Towards a final FIPS 204 Implementation
Effective: 21 August
Currently, this still implements ML-DSA-ipd, but the required changes are already in the code base (and commented out) -- see `ml_dsa_ipd.h`. Here's what is left to do:

- Remove "_ipd" suffix from all the things
  Suggestion: rename the internal `ml_dsa_ipd.h` to `ml_dsa_impl.h` in order to leave room for a future public `ml_dsa.h`
  - [ ] Headers
  - [ ] Include guards
  - [ ] enum definitions
  - [ ] method names (e.g. `is_ml_dsa_ipd()`)
  - [ ] tests
  - [ ] algorithm specifiers and stringified names
  - [ ] file names of test vectors
- X.509
  - [ ] Register the official OIDs
  - [ ] Read through the IETF draft and validate that our X.509 implementation handles ML-DSA keys correctly
- [ ] Remove the TODOs and enable the adaptations for the final ML-DSA implementation in `ml_dsa_ipd.h`
- Integrate public test vectors
  - [ ] Wycheproof draft tests?
  - [ ] ACVP tests (#1, #2, #3)
- [ ] Go through FIPS 204 again and see if all validations are implemented (add tests)
- [ ] ❔ Implement PrehashML-DSA (depends on #4318)
- [ ] Implement the new "context" parameter in signing/verifying (depends on #4318)