Add MLDSA{65,87} support

[ptoffy]

Since swift-crypto now supports ML-DSA{65,87}, this adds support for ML-DSA based JWTs. While ML-DSA is now a formalised standard (RFC 204), its usage in JOSE is still in draft state, which means its specification could change.
Because of this, we're hiding the new APIs behind @_spi(PostQuantum) annotations, separating them from the public API and allowing therefore breaking changes, at least until the specification will be finalised.
To use them, simply

@_spi(PostQuantum) import JWTKit

but know that the APIs could be subject to change outside of major versions of JWTKit.

This PR is currently refers to the main branch of swift-crypto since no release has yet been tagged with the new post-quantum algorithms. This will change as soon as a decision is made whether to release the new APIs as a minor release before the new 2026 Crypto major release, or to wait and have them in the main Crypto module. (Discussion happening here)

[codecov]

Codecov Report

Attention: Patch coverage is 80.00000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 83.61%. Comparing base (7bd6ecb) to head (9915232).
Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
Sources/_QuantumJWTKit/MLDSA/MLDSASigner.swift	79.16%	5 Missing ⚠️
Sources/_QuantumJWTKit/MLDSA/MLDSA.swift	60.00%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #229      +/-   ##
==========================================
- Coverage   83.79%   83.61%   -0.18%     
==========================================
  Files          56       60       +4     
  Lines        1493     1532      +39     
==========================================
+ Hits         1251     1281      +30     
- Misses        242      251       +9     

Files with missing lines	Coverage Δ
Sources/JWTKit/JWTKeyCollection.swift	93.54% <100.00%> (-0.14%)	⬇️
Sources/JWTKit/JWTSigner.swift	100.00% <ø> (ø)
.../_QuantumJWTKit/MLDSA/JWTKeyCollection+MLDSA.swift	100.00% <100.00%> (ø)
Sources/_QuantumJWTKit/MLDSA/MLDSAType.swift	100.00% <100.00%> (ø)
Sources/_QuantumJWTKit/MLDSA/MLDSA.swift	60.00% <60.00%> (ø)
Sources/_QuantumJWTKit/MLDSA/MLDSASigner.swift	79.16% <79.16%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[MahdiBM]

_PQJWTKit (post-quantum == PQ) sounds cooler to me which is also in line with acronyms like "PQC" (post-quantum cryptography). Though Quantum is also fine with me since it's more clear.

[ptoffy]

Ah I didn't think about that! I had considered _PostQuantumJWTKit but it seems a bit long. Although yes, I think just your version is a bit less clear

[fpseverino]

Why don't we hide these algorithms behind a @_spi(PostQuantum), instead of a separate target? I guess it will also be easier to move them to the stable API down the line

[ptoffy]

@fpseverino yes that was in fact the plan in the beginning. And nothing has changed, I just forgot 🙈 done!

[0xTim]

Are we expecting these APIs to ever change? Or should we use a package trait instead of SPI?

[ptoffy]

The RFC isn't final yet so even though unlikely the spec and therefore the APIs might still change

[fpseverino]

We should now depend on the wwdc-25 branch of swift-crypto, which has the latest API for ML-DSA