
Init FIPS 203 Post-quantum crypto in Rust #12941

Status: Open. Wants to merge 1 commit into base: master
Conversation

@integritychain integritychain commented Jan 15, 2025

This Rust crate fully implements the recently finalized version of the FIPS 203 spec at https://csrc.nist.gov/pubs/fips/203/final
It is the post-quantum crypto Module-Lattice-Based Key-Encapsulation Mechanism Standard.
The code is a freely available open source library intended for general use.

google-cla bot commented Jan 15, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

integritychain is integrating a new project:
- Main repo: https://github.com/integritychain/fips203
- Criticality score: 0.29401

@integritychain (Author) commented

I thought it might be useful to add some context around why it makes good sense to include the FIPS 203 crate into the OSS-Fuzz world.

  • The final FIPS 203 specification was just released in August 2024 as a result of a long-running NIST post-quantum cryptography standardization competition/effort (similar to that done for AES). See https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization
  • The NSA updated their guidance/FAQ for Commercial National Security Algorithm Suite 2.0 for National Security Systems to include FIPS 203 as of December 2024. See https://media.defense.gov/2022/Sep/07/2003071836/-1/-1/1/CSI_CNSA_2.0_FAQ_.PDF
  • Adoption of these algorithms has already begun (with proprietary implementations) in Apple iMessage, Meta WhatsApp, Signal, and others. See https://security.apple.com/blog/imessage-pq3/
  • The crate contains not only a robust Rust desktop/server implementation but also examples for usage in embedded systems, WASM in the browser, a constant-time harness, and a benchmarking harness. Thus it is far more than a simple code drop.
  • This crate forms the basis for bindings in Python; other languages will likely follow. See: https://pypi.org/project/fips203/0.4.1/
  • FIPS 203 deals with the initial establishment of a shared secret between two remote systems. Thus it is inherently exposed to malicious input in the first instance. A bug in this library could be very similar to the Heartbleed vulnerability, which is a motivation for the OSS Fuzz efforts.

Thus, the crate implements a bleeding-edge NIST cryptography specification that will be rapidly adopted across the industry, provides an open-source option to compete with large-company proprietary implementations, is likely to gain bindings across multiple languages, and directly receives input across a trust boundary.
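Added example, not code from the fips203 crate or from this PR. The author's last bullet is the point a fuzz harness targets: the encapsulation key, decapsulation key and ciphertext all arrive from the other side of a trust boundary, and FIPS 203 therefore mandates explicit input checks before Encaps (Section 7.2: type check on the key length, and the "modulus check" that every 12-bit coefficient of the encoded key is less than q = 3329) and before Decaps (Section 7.3: length checks on ciphertext and decapsulation key, plus a hash check with SHA3-256). The code below implements those checks for the ML-KEM-768 parameter set (k = 3, d_u = 10, d_v = 4) using the spec's ByteEncode_12/ByteDecode_12 round trip; the SHA3-256 hash check is only described in a comment so the block stays dependency-free, and no actual decapsulation is performed. Function and error names are my own and do not reflect the crate's API. The `main` feeds the checks a constructed all-zero key and then a key whose first coefficient is set to exactly q, the smallest non-canonical value a malicious peer could send.

```rust
use std::convert::TryInto;

/// Modulus of the ML-KEM polynomial ring (FIPS 203, Section 2.4).
const Q: u16 = 3329;
/// Coefficients per polynomial.
const N: usize = 256;
/// Bytes occupied by one polynomial under ByteEncode_12.
const POLY_BYTES: usize = 384;

/// ML-KEM-768 parameter set (FIPS 203, Table 2): k = 3, d_u = 10, d_v = 4.
const K: usize = 3;
const DU: usize = 10;
const DV: usize = 4;
pub const EK_LEN: usize = 384 * K + 32;       // 1184 bytes
pub const DK_LEN: usize = 768 * K + 96;       // 2400 bytes
pub const CT_LEN: usize = 32 * (DU * K + DV); // 1088 bytes

/// Hypothetical error type for this example (not the crate's).
#[derive(Debug, PartialEq, Eq)]
pub enum InputError {
    EkLength(usize),
    DkLength(usize),
    CtLength(usize),
    /// Some 12-bit coefficient of the encapsulation key is >= q (Section 7.2 modulus check).
    Modulus,
}

/// ByteDecode_12 (FIPS 203, Algorithm 6 with d = 12): every 3 bytes hold two
/// 12-bit little-endian integers, and the algorithm reduces each one mod q.
fn byte_decode_12(bytes: &[u8; POLY_BYTES]) -> [u16; N] {
    let mut f = [0u16; N];
    for (j, chunk) in bytes.chunks_exact(3).enumerate() {
        let a = u16::from(chunk[0]) | (u16::from(chunk[1] & 0x0f) << 8);
        let b = u16::from(chunk[1] >> 4) | (u16::from(chunk[2]) << 4);
        f[2 * j] = a % Q;
        f[2 * j + 1] = b % Q;
    }
    f
}

/// ByteEncode_12 (FIPS 203, Algorithm 5 with d = 12); inverse of the decode for values < q.
fn byte_encode_12(f: &[u16; N]) -> [u8; POLY_BYTES] {
    let mut out = [0u8; POLY_BYTES];
    for (j, chunk) in out.chunks_exact_mut(3).enumerate() {
        let (a, b) = (f[2 * j], f[2 * j + 1]);
        chunk[0] = (a & 0xff) as u8;
        chunk[1] = ((a >> 8) as u8) | (((b & 0x0f) as u8) << 4);
        chunk[2] = (b >> 4) as u8;
    }
    out
}

/// Encapsulation key check (FIPS 203, Section 7.2): length, then the modulus check,
/// which rejects any coefficient encoded as a value in [q, 4095] because decode-then-encode
/// would not reproduce the original bytes.
pub fn check_encaps_key(ek: &[u8]) -> Result<(), InputError> {
    if ek.len() != EK_LEN {
        return Err(InputError::EkLength(ek.len()));
    }
    for poly in ek[..384 * K].chunks_exact(POLY_BYTES) {
        let poly: &[u8; POLY_BYTES] = poly.try_into().expect("chunk length is fixed");
        if byte_encode_12(&byte_decode_12(poly)) != *poly {
            return Err(InputError::Modulus);
        }
    }
    Ok(())
}

/// Decapsulation input checks (FIPS 203, Section 7.3): ciphertext and key length.
/// The spec additionally requires the hash check SHA3-256(dk[384k..768k+32]) ==
/// dk[768k+32..768k+64]; it is omitted here to avoid a hashing dependency.
pub fn check_decaps_inputs(dk: &[u8], ct: &[u8]) -> Result<(), InputError> {
    if ct.len() != CT_LEN {
        return Err(InputError::CtLength(ct.len()));
    }
    if dk.len() != DK_LEN {
        return Err(InputError::DkLength(dk.len()));
    }
    Ok(())
}

fn main() {
    // Constructed inputs: an all-zero key encodes coefficients 0 < q and is canonical.
    let mut ek = vec![0u8; EK_LEN];
    println!("all-zero ek: {:?}", check_encaps_key(&ek));
    // Set the first 12-bit coefficient to 3329 = 0xD01, i.e. exactly q: not canonical.
    ek[0] = 0x01;
    ek[1] = 0x0d;
    println!("coefficient == q: {:?}", check_encaps_key(&ek));
    println!("short ciphertext: {:?}", check_decaps_inputs(&vec![0u8; DK_LEN], &[0u8; 10]));
}
```

A fuzz target for the crate would wrap exactly this kind of entry point: hand the fuzzer's bytes to the key/ciphertext parsers and the decapsulation routine and require that they return an error (or the implicit-rejection shared secret) rather than panic, index out of range, or loop.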
