tlsconfig: Add support for configuring use of PQ KEMs during TLS handshake #294

Closed
wants to merge 3 commits into from

Conversation


@hlandau hlandau commented Aug 6, 2024

This adds a new option to spiffetls/tlsconfig which enables the opportunistic or mandatory use of a post-quantum-safe TLS KEM to be configured. This leverages the addition of the X25519Kyber768Draft00 TLS KEM to Go 1.23 and depends on that support in order to be useful.

This is useful for SPIFFE Workload API clients, though the intention is also to use this in SPIRE as it is cleaner than simply performing process-global manipulation of GODEBUG.

…shake

Signed-off-by: Hugo Landau <hl@messier42.com>
Signed-off-by: Hugo Landau <hl@messier42.com>
Signed-off-by: Hugo Landau <hl@messier42.com>
@hlandau
Author

hlandau commented Aug 7, 2024

@amartinezfayo Updated. Needs CI approval again. I've run this through CI myself now so hopefully you won't have to keep pressing it.

@hlandau hlandau marked this pull request as ready for review August 8, 2024 08:47
@azdagron
Member

azdagron commented Aug 8, 2024

Thank you for the contribution, @hlandau.

The tlsconfig package is considered a fairly "low level" package for covering the basic TLS configuration required for SPIFFE auth. There are many, many ways in which callers might want to customize TLS configuration and adding a knob for each of those ways isn't practical. As such, the bar for adding an option or function to this package is pretty high, generally granted only for SPIFFE-related features and controls, or features that would benefit a large number of users.

Considering this change requires go1.23 to benefit, and considering that go1.23 (by default unless disabled through an ENVVAR) automatically enables the Kyber curve by default (unless SupportedCurves is overridden), this option doesn't feel like it meets the bar.

Typically consumers of the tlsconfig package who need customization write their own routines that invoke the tlsconfig package to get a base configuration and then apply the customizations. Is this sufficient for your use case?
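
The wrapper pattern described in the comment above, as an added example that is not part of the thread or of go-spiffe: a caller-side routine takes a base `*tls.Config` and applies the opportunistic or mandatory key-exchange policy from the PR description. `PQMode`, `ApplyPQPolicy` and `pqGroup` are hypothetical names; the literal config in `main` stands in for one obtained from the tlsconfig package, and it is an assumption that the Go release in use accepts the draft group ID in `CurvePreferences`.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// PQMode mirrors the two behaviours named in the PR description (hypothetical type).
type PQMode int

const (
	PQOpportunistic PQMode = iota // offer the PQ group first, keep classical fallbacks
	PQMandatory                   // offer only the PQ group; peers without it fail the handshake
)

// Constructed for this example: 0x6399 is the code point of X25519Kyber768Draft00.
// Assumption: the Go release in use accepts this ID in CurvePreferences.
const pqGroup tls.CurveID = 0x6399

// ApplyPQPolicy (hypothetical helper) returns a copy of base with the key
// exchange groups set for mode. base itself is left unmodified.
func ApplyPQPolicy(base *tls.Config, mode PQMode) (*tls.Config, error) {
	if base == nil {
		return nil, errors.New("nil base config")
	}
	cfg := base.Clone()
	switch mode {
	case PQOpportunistic:
		cfg.CurvePreferences = []tls.CurveID{pqGroup, tls.X25519, tls.CurveP256}
	case PQMandatory:
		// Hybrid KEM groups are only negotiated in TLS 1.3, so a mandatory
		// policy must also rule out a TLS 1.2 handshake.
		if cfg.MaxVersion != 0 && cfg.MaxVersion < tls.VersionTLS13 {
			return nil, errors.New("mandatory PQ requires TLS 1.3")
		}
		cfg.MinVersion = tls.VersionTLS13
		cfg.CurvePreferences = []tls.CurveID{pqGroup}
	default:
		return nil, fmt.Errorf("unknown PQMode %d", mode)
	}
	return cfg, nil
}

func main() {
	// Stand-in for the base config; in real use it would come from tlsconfig.
	base := &tls.Config{MinVersion: tls.VersionTLS12}
	cfg, err := ApplyPQPolicy(base, PQMandatory)
	fmt.Println(cfg.CurvePreferences, cfg.MinVersion == tls.VersionTLS13, err)
}
```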

@hlandau
Author

hlandau commented Aug 9, 2024

Makes sense & seems reasonable. This PR is supporting work on SPIRE so the code in question can be moved over into a unified PR against https://github.com/spiffe/spire, which is logistically easier in any case.

Thanks.

@hlandau hlandau closed this Aug 9, 2024