ML-DSA operations use a significant amount of stack space. The goal of this issue is to provide a configuration option to use a global variable instead. The configuration option will be documented as experimental for now.

The size of the global area should be adapted to the most expensive operation that's enabled (export-public, sign, verify).

Either make this incompatible with MBEDTLS_THREADING_C, or protect the global area by a mutex.

There is ongoing work to make this possible in mldsa-native itself. Depending on the timing, for this issue, we may either use that, or merge our own temporary patch. With pq-code-package/mldsa-native#801 already merged, even if the upstream interface isn't finalized yet, we should probably use the upstream interface (MLD_CONFIG_CUSTOM_ALLOC_FREE and provide our own MLD_CUSTOM_ALLOC — MLD_CUSTOM_FREE would be either a nop or a mutex-free).

We should check manually that with this configuration option, the stack usage is small. Validating the stack usage in the CI is out of scope.

Prerequisites: #633