Allow ad-hoc generation of matrix

[hanno-becker]

Implement steps 4 and 5 in #736

• Introduce a compile-time option MLD_CONFIG_REDUCE_RAM. It should be unset by default. Initially, it should be unused.
• Implement MLD_CONFIG_REDUCE_RAM, ignoring CBMC initially:
  • Modify the definition of mld_polymat so it contains a single mld_polyvecl and a copy of the seed-buffer const uint8_t rho[MLDSA_SEEDBYTES].
  • mld_polyvec_matrix_expand() should merely copy the seed buffer. Note that this changes the signature of mld_polyvec_matrix_pointwise_montgomery as it can no longer take the matrix as const.
  • mld_polymat_get_row() should ad-hoc generate the required row by calling mld_poly_uniform in a loop, just as in mld_polyvec_matrix_expand(), and call mld_poly_permute_bitrev_to_custom on the generated entries to make sure they have the right ordering. Initially, this should ignore batched matrix generation, at the cost of performance.
  • mld_polyvec_matrix_pointwise_montgomery() does not need changing since it already calls mld_polymat_get_row().
  • Make sure ./scripts/tests all still passes with and without MLD_CONFIG_REDUCE_RAM, but ignore CBMC annotations and proofs in this step.