Improved import and export

- On import, if a seed is provided, the keys are regenerated.

- The seed is exported as a separate "seed" parameter, when available.
  The "ml-kem.retain_seed" parameter is also exported, when false.

- The seed is optionally dropped after key generation.
    * When the "ml-kem.retain_seed" keygen parameter is set to zero.
    * When the "ml-kem.retain_seed" keygen parameter is not set to 1,
      and the "ml-kem.retain_seed" provider config property is set
      explictly false.

- The exported private key parameter "priv" is always the FIPS 203 |dk|.

- Private key decoding from PKCS#8 produces a transient "seed-only" form
  of the key, in which "retain_seed" is set to false when the
  "ml-kem.retain_seed" provider config property is set explictly false.
  The full key is generated during "load" and the seed is retained
  or not as specified.

- Import honours the "ml-kem.retain_seed" parameter when specified, or
  otherwise honours the provider's "ml-kem.retain_seed" property.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26512)

util/perl/OpenSSL/paramnames.pm

@@ -299,7 +299,6 @@ my %params = (
     'PKEY_PARAM_MGF1_DIGEST' =>         "mgf1-digest",
     'PKEY_PARAM_MGF1_PROPERTIES' =>     "mgf1-properties",
     'PKEY_PARAM_ENCODED_PUBLIC_KEY' =>  "encoded-pub-key",
-    'PKEY_PARAM_ENCODED_PRIVATE_KEY' => "encoded-priv-key",
     'PKEY_PARAM_GROUP_NAME' =>          "group",
     'PKEY_PARAM_DIST_ID' =>             "distid",
     'PKEY_PARAM_PUB_KEY' =>             "pub",
@@ -420,6 +419,7 @@ my %params = (
 
 # ML-KEM parameters
     'PKEY_PARAM_ML_KEM_SEED' => "seed",
+    'PKEY_PARAM_ML_KEM_RETAIN_SEED' => "ml-kem.retain_seed",
 
 # Key generation parameters
     'PKEY_PARAM_FFC_TYPE' =>         "type",