Add ML-KEM (FIPS 203) post-quantum KEM support

[Frauschi]

Summary

• Adds ML-KEM (CRYSTALS-Kyber, FIPS 203) key encapsulation mechanism support, modeled after the existing ML-DSA integration
• Disabled by default; enable with --enable-mlkem (autotools) or -DWOLFPKCS11_MLKEM=yes (CMake) — enabling auto-activates PKCS#11 v3.2
• Fixes several bugs present in the original patch (mlkem.patch) against the older codebase: wrong length argument to wp11_EncryptData, missing devId parameter, unchecked return value in store path, XMEMSET → wc_ForceZero, object->slot->devId → object->devId, store constant conflicts, and wrong internal flag values

New capabilities

• CKM_ML_KEM_KEY_PAIR_GEN — key pair generation for KEM-512/768/1024
• C_EncapsulateKey / C_DecapsulateKey with CKM_ML_KEM
• Key import/export via C_CreateObject / C_GetAttributeValue
• Token persistence (WOLFPKCS11_STORE_MLKEMKEY_PRIV = 0x0E, WOLFPKCS11_STORE_MLKEMKEY_PUB = 0x0F)
• New PKCS#11 constants: CKK_ML_KEM, CKA_ENCAPSULATE, CKA_DECAPSULATE, CKF_ENCAPSULATE, CKF_DECAPSULATE, CKP_ML_KEM_512/768/1024

Tests (tests/pkcs11v3test.c, inside WOLFPKCS11_MLKEM guard)

• test_mlkem_gen_keys — generate key pair, encapsulate/decapsulate, verify shared secrets match
• test_mlkem_gen_keys_id — generate with ID, find by ID, encapsulate/decapsulate
• test_mlkem_gen_keys_token — generate key pair to token storage
• test_mlkem_token_keys — load persisted keys, encapsulate/decapsulate
• test_mlkem_fixed_keys — generate, export raw key material, destroy, reimport, verify (exercises import path)
• test_mlkem_encap_decap_fail — encapsulate with key A, decapsulate with wrong key B, verify shared secrets differ (ML-KEM implicit rejection)

Test plan

• Build wolfSSL with ML-KEM support enabled
• ./configure --enable-mlkem && make && make check
• Verify pkcs11v3test shows all ML-KEM tests passing
• Run test_mlkem_gen_keys_token, restart, run test_mlkem_token_keys to confirm persistence
• ./configure --disable-mlkem && make — verify clean build without ML-KEM

🤖 Generated with Claude Code

[Frauschi]

All three review comments addressed in commit b621705:

1. MlKemKey pointer (internal.c): Changed union member from embedded MlKemKey mlKemKey to MlKemKey* mlKemKey, matching the pattern used by ML-DSA, DH, RSA, and ECC. Added XMALLOC in the NewObject key-type switch, wc_MlKemKey_Free + XFREE + null-set in WP11_Object_Free, and updated all dereferences (&object->data.mlKemKey → object->data.mlKemKey, .field → ->field).

2. SHA-3 check in CMakeLists.txt: Added if(NOT WOLFPKCS11_SHA3) override_cache(WOLFPKCS11_MLKEM "no") endif(), mirroring the existing ML-DSA guard.

3. SHA-3 check in configure.ac: Added the same guard — if ENABLED_SHA3 is no, ML-KEM is disabled with a descriptive message, matching the ML-DSA pattern.

[Frauschi]

Also add mlkem support to the cmake and clang-tidy CI jobs