Enable Hybrid PQ KeyShares by default

[alexw91]

Issues:

N/A

Description of changes:

Adds X25519MLKEM768 KeyShare to AWS-LC's default SupportedGroups list.

Call-outs:

• SSL Padding tests to pad TLS ClientHellos up to 512 bytes were updated to disable X25519MLKEM768 in order to keep testing padding functionality.
• ssl_version_test.cc was updated to expect SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE when calling SSL_get_peer_tmp_key() on an SSL connection that offered X25519MLKEM768. This is because there is no EVP_PKEY type for hybrid keys, only individual X25519 or MLKEM768 keys.

Testing:

Unit Tests confirm that X25519MLKEM768 and X25519 are now offered by default by AWS-LC.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.90%. Comparing base (4131f11) to head (c260e9a).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2531      +/-   ##
==========================================
+ Coverage   78.88%   78.90%   +0.02%     
==========================================
  Files         640      640              
  Lines      109766   109779      +13     
  Branches    15526    15528       +2     
==========================================
+ Hits        86590    86624      +34     
+ Misses      22479    22457      -22     
- Partials      697      698       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[darylmartin100]

FYI: I want to hold off on merging this in until we can better quantify the impact.