Add post-quantum cryptography support with PqSoftCryptoProvider

- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle.
- Added PqSoftProviderOptions and PqSoftKeyOptions for configuration.
- Created unit tests for Dilithium3 and Falcon512 signing and verification.
- Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists.
- Added KcmvpHashOnlyProvider for KCMVP baseline compliance.
- Updated project files and dependencies for new libraries and testing frameworks.

src/__Libraries/StellaOps.Cryptography.Tests/PqSoftCryptoProviderTests.cs

@@ -0,0 +1,77 @@
+using System;
+using System.Text;
+using FluentAssertions;
+using Microsoft.Extensions.Options;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium;
+using Org.BouncyCastle.Pqc.Crypto.Falcon;
+using StellaOps.Cryptography;
+using StellaOps.Cryptography.Plugin.PqSoft;
+using Xunit;
+
+namespace StellaOps.Cryptography.Tests;
+
+public class PqSoftCryptoProviderTests
+{
+    [Fact]
+    public async Task Dilithium3_Signs_And_Verifies()
+    {
+        var provider = CreateProvider();
+
+        var generator = new DilithiumKeyPairGenerator();
+        generator.Init(new DilithiumKeyGenerationParameters(new SecureRandom(), DilithiumParameters.Dilithium3));
+        var keyPair = generator.GenerateKeyPair();
+
+        var priv = ((DilithiumPrivateKeyParameters)keyPair.Private).GetEncoded();
+        var pub = ((DilithiumPublicKeyParameters)keyPair.Public).GetEncoded();
+
+        provider.UpsertSigningKey(new CryptoSigningKey(
+            new CryptoKeyReference("pq-dil3"),
+            SignatureAlgorithms.Dilithium3,
+            priv,
+            DateTimeOffset.UtcNow,
+            publicKey: pub));
+
+        var signer = provider.GetSigner(SignatureAlgorithms.Dilithium3, new CryptoKeyReference("pq-dil3"));
+        var data = Encoding.UTF8.GetBytes("dilithium-soft");
+
+        var signature = await signer.SignAsync(data);
+        (await signer.VerifyAsync(data, signature)).Should().BeTrue();
+    }
+
+    [Fact]
+    public async Task Falcon512_Signs_And_Verifies()
+    {
+        var provider = CreateProvider();
+
+        var generator = new FalconKeyPairGenerator();
+        generator.Init(new FalconKeyGenerationParameters(new SecureRandom(), FalconParameters.falcon_512));
+        var keyPair = generator.GenerateKeyPair();
+
+        var priv = ((FalconPrivateKeyParameters)keyPair.Private).GetEncoded();
+        var pub = ((FalconPublicKeyParameters)keyPair.Public).GetEncoded();
+
+        provider.UpsertSigningKey(new CryptoSigningKey(
+            new CryptoKeyReference("pq-falcon"),
+            SignatureAlgorithms.Falcon512,
+            priv,
+            DateTimeOffset.UtcNow,
+            publicKey: pub));
+
+        var signer = provider.GetSigner(SignatureAlgorithms.Falcon512, new CryptoKeyReference("pq-falcon"));
+        var data = Encoding.UTF8.GetBytes("falcon-soft");
+
+        var signature = await signer.SignAsync(data);
+        (await signer.VerifyAsync(data, signature)).Should().BeTrue();
+    }
+
+    private static PqSoftCryptoProvider CreateProvider()
+    {
+        var options = Options.Create(new PqSoftProviderOptions
+        {
+            RequireEnvironmentGate = false
+        });
+
+        return new PqSoftCryptoProvider(options);
+    }
+}