Add post-quantum cryptography support with PqSoftCryptoProvider

- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle.
- Added PqSoftProviderOptions and PqSoftKeyOptions for configuration.
- Created unit tests for Dilithium3 and Falcon512 signing and verification.
- Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists.
- Added KcmvpHashOnlyProvider for KCMVP baseline compliance.
- Updated project files and dependencies for new libraries and testing frameworks.

etc/rootpack/eu/crypto.profile.yaml

@@ -0,0 +1,21 @@
+StellaOps:
+  Crypto:
+    Registry:
+      ActiveProfile: eu-eidas-soft
+      PreferredProviders:
+        - eu.eidas.soft
+        - pq.soft
+        - default
+      Profiles:
+        eu-eidas-soft:
+          PreferredProviders:
+            - eu.eidas.soft
+            - pq.soft
+            - default
+    Diagnostics:
+      Providers:
+        Enabled: true
+        Metrics:
+          LogLevel: Information
+    Notes:
+      Certification: "software-only; QSCD not enforced. Set EIDAS_SOFT_ALLOWED=1 to enable profile."

etc/rootpack/kr/crypto.profile.yaml

@@ -0,0 +1,19 @@
+StellaOps:
+  Crypto:
+    Registry:
+      ActiveProfile: kr-kcmvp-hash
+      PreferredProviders:
+        - kr.kcmvp.hash
+        - default
+      Profiles:
+        kr-kcmvp-hash:
+          PreferredProviders:
+            - kr.kcmvp.hash
+            - default
+    Diagnostics:
+      Providers:
+        Enabled: true
+        Metrics:
+          LogLevel: Information
+    Notes:
+      Certification: "hash-only baseline (SHA-256). Set KCMVP_HASH_ALLOWED=1 to enable."

etc/rootpack/ru/crypto.profile.yaml

@@ -1,13 +1,21 @@
 StellaOps:
   Crypto:
     Registry:
-      ActiveProfile: ru-offline
+      ActiveProfile: ru-linux-soft
       PreferredProviders:
-        - default
+        - ru.openssl.gost
+        - ru.winecsp.http
+        - ru.pkcs11
       Profiles:
-        ru-offline:
+        ru-linux-soft:
+          PreferredProviders:
+            - ru.openssl.gost
+            - ru.winecsp.http
+            - ru.pkcs11
+        ru-csp:
           PreferredProviders:
             - ru.cryptopro.csp
+            - ru.winecsp.http
             - ru.openssl.gost
             - ru.pkcs11
     CryptoPro:
@@ -28,6 +36,13 @@ StellaOps:
           Pin: "${PKCS11_PIN}"
           PrivateKeyLabel: rootpack-signing
           CertificateThumbprint: "<thumbprint>"
+    WineCsp:
+      ServiceUrl: http://localhost:5099
+      Keys:
+        - KeyId: ru-wine-default
+          Algorithm: GOST12-256
+          RemoteKeyId: ru-csp-default
+          Description: Wine CSP sidecar (CryptoPro via Wine)
     OpenSsl:
       Keys:
         - KeyId: ru-openssl-default

etc/rootpack/us-fips/crypto.profile.yaml

@@ -0,0 +1,21 @@
+StellaOps:
+  Crypto:
+    Registry:
+      ActiveProfile: us-fips-soft
+      PreferredProviders:
+        - fips.ecdsa.soft
+        - pq.soft
+        - default
+      Profiles:
+        us-fips-soft:
+          PreferredProviders:
+            - fips.ecdsa.soft
+            - pq.soft
+            - default
+    Diagnostics:
+      Providers:
+        Enabled: true
+        Metrics:
+          LogLevel: Information
+    Notes:
+      Certification: "non-certified software baseline; enable FIPS_SOFT_ALLOWED=1 to activate"