Documentation for PSQv2 & client-authentication proposal

[jschneider-bensch]

This PR adds

• signature based authentication for the initiator
  • to enable this, I've added support for (de-)serialization of key and signature structs using tls_codec to ML-DSA
  • the initiator authenticator, be it a long-term DH public key or signature verification key can be retrieved from the Responder once the first initiator message was processed for out-of-band verification. I've added a function Responder::abort_handshake to reset the responder if this verification fails.
  • To enforce that the initiator authenticator and responder public keys are available for deserialization, I've made them required inputs in the serialization as well.
• AES-GCM 128 support for the AEAD
• Documentation on the different protocol modes in README.md
• I've added a way to export secrets for a given context from the Session. This will export a secret derived as HKDF-SHA256(K_session, context || "PSQ secret export") where context can be provided by the application.

TODO:

• Update changelog

[jschneider-bensch]

Looks like the macOS ASAN nightly has gone a bit stale. Attempting to unpin that with #1258.

[franziskuskiefer]

I didn't go too deep yet. But this looks good in general.

There are a bunch of public items without docs. But also no warnings. So they may not be exposed.

[franziskuskiefer]

Thanks. Let's get this in.