ML-KEM: Add check for Pubkey hash mismatch on decoding the dk

[lealem47]

Description

Fix to adhere to FIPS 203 – Algorithm 18 (Decaps_internal)

Re-encode ek_PKE and compute h' = H(ek_PKE)
Reject the decapsulation key if h' ≠ h.

Testing

CAVP vectors with a private key whose embedded public key does not match the hash stored in the key.

Checklist

• added tests
• updated/added doxygen
• updated appropriate READMEs
• Updated manual and documentation

[devin-ai-integration]

🛟 Devin Lifeguard found 2 likely issues in this PR

• check-all-return-codes snippet: Check the signature of MLKEM_HASH_H; if it returns an int error code, store the result (e.g. ret = MLKEM_HASH_H(...); if (ret != 0) return ret;) before proceeding.
• prefer-constant-time snippet: Confirm whether XMEMCMP executes in constant time; if not, replace it with a constant-time comparison routine (e.g., wc_MemcmpCT) when comparing cryptographic hashes.

@lealem47
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

[lealem47]

Jenkins retest this please