ml-kem: Update to FIPS 203

[bifurcation]

Fixes #46

This PR implements the two changes noted in Appendix C of FIPS 203:

• Domain separation in K-PKE.KeyGen
• Reversing the order of indices in array sampling

It turns out that we had already made the latter change in order to pass the existing test vectors.

Marking as WIP right now because I don't think updated test vectors have been published, and the current code fails on the current test vectors. Should be a quick copy/paste update once the test vectors are available.

[tarcieri]

At some point the documentation (README.md, Cargo.toml) should also be updated to note it's no longer the draft construction

[tarcieri]

Looks like new test vectors are available here:

• https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-KEM-keyGen-FIPS203
• https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-KEM-encapDecap-FIPS203

[bifurcation]

@tarcieri - docs and test vectors updated, think this is ready for review

[bifurcation]

I went a little more radical on the test vector refactor than I might have, but honestly (a) the first effort was kinda half-assed, and (b) this way if NIST updates the vectors, we can just pull JSON files and not have to copy/paste a bunch of hex strings.

[newpavlov]

The JSON files are quite big (831 KB and 558 KB). I think we should either exclude them (and respective tests) from published crates (e.g. see the cmac crate), or compress them better.

[bifurcation]

Good point @newpavlov, added those tests to the exclude list.