
Support randomized Wycheproof signing vectors #1227

Closed

fegge wants to merge 1 commit into pq-code-package:main from trailofbits:fix/wycheproof-randomized-signing-vectors-uncovered

Conversation

fegge commented Jun 26, 2026

Summary

  • Update the pinned Wycheproof commit to include randomized ML-DSA signing vectors.
  • Refresh cached vector files when the pinned commit changes.
  • Pass optional vector-provided rnd values to the local signing driver and validate malformed rnd inputs.

Validation

  • ruff format test/wycheproof/wycheproof_client.py: passed
  • ruff check test/wycheproof/wycheproof_client.py: passed
  • python3 -m py_compile test/wycheproof/wycheproof_client.py: passed
  • clang-format -i test/wycheproof/wycheproof_mldsa.c: passed
  • git diff --check -- test/wycheproof/wycheproof_client.py test/wycheproof/wycheproof_mldsa.c: passed
  • make wycheproof -j4: passed
  • make run_wycheproof -j4: passed, including refreshed randomized signing vectors such as ML-DSA-44 tcId=90
  • Direct driver probes for valid rnd and malformed rnd across sigGenSeedDeterministic, sigGenDeterministic, and sigGenInternalDeterministic: passed
  • Not run: ./scripts/format because nixpkgs-fmt is not installed in this local environment
  • Not run: ./scripts/lint because shfmt is not installed in this local environment

Fixes #1219


This work was completed by Trail of Bits as part of the Patch The Planet project in collaboration with OpenAI. The issue was identified primarily by the Codex coding agent, and manually reviewed before submission.
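An added example, not code from this PR or from the pq-code-package project, of the rnd handling the summary describes: a vector's optional rnd is hex-decoded and must be exactly 32 bytes (the FIPS 204 length for ML-DSA hedging randomness), a missing rnd falls back to deterministic signing, and malformed values are rejected rather than repaired. The group type name comes from the PR's validation list; every other key except tcId and rnd is an assumption rather than the real Wycheproof schema.

```python
import binascii
import json

# FIPS 204 fixes the hedging randomness rnd at 32 bytes; the deterministic
# variant is the same algorithm with rnd set to 32 zero bytes.
RND_LEN = 32
DETERMINISTIC_RND = b"\x00" * RND_LEN

class MalformedRnd(ValueError):
    """An rnd value the signing driver must reject rather than repair."""

def resolve_rnd(test_case: dict) -> bytes:
    """rnd for one vector: absent/empty means deterministic; otherwise it must
    be valid hex of exactly RND_LEN bytes, never padded, truncated or zeroed."""
    raw = test_case.get("rnd")
    if raw is None or raw == "":
        return DETERMINISTIC_RND
    if not isinstance(raw, str):
        raise MalformedRnd(f"rnd must be a hex string, got {type(raw).__name__}")
    try:
        rnd = binascii.unhexlify(raw)
    except (binascii.Error, ValueError) as exc:
        raise MalformedRnd(f"rnd is not valid hex: {raw!r}") from exc
    if len(rnd) != RND_LEN:
        raise MalformedRnd(f"rnd must be {RND_LEN} bytes, got {len(rnd)}")
    return rnd

def classify_vectors(vector_json: str) -> dict:
    """Tally how each case in a Wycheproof-style file would be dispatched."""
    tally = {"deterministic": 0, "randomized": 0, "rejected": 0}
    for group in json.loads(vector_json)["testGroups"]:
        for tc in group["tests"]:
            try:
                rnd = resolve_rnd(tc)
            except MalformedRnd:
                tally["rejected"] += 1
                continue
            # An explicit all-zero rnd is the deterministic case by definition.
            tally["randomized" if rnd != DETERMINISTIC_RND else "deterministic"] += 1
    return tally

# Constructed sample in the shape of a signing vector file; keys other than
# tcId and rnd are assumptions, not the real Wycheproof schema.
SAMPLE_VECTORS = json.dumps({"testGroups": [{"type": "sigGenDeterministic", "tests": [
    {"tcId": 1, "msg": "00"},                     # no rnd: deterministic
    {"tcId": 90, "msg": "00", "rnd": "11" * 32},  # 32-byte rnd: randomized
    {"tcId": 91, "msg": "00", "rnd": "11" * 31},  # 31 bytes: rejected
    {"tcId": 92, "msg": "00", "rnd": "zz"},       # not hex: rejected
]}]})
```

Running `classify_vectors(SAMPLE_VECTORS)` on the constructed file yields one deterministic case, one randomized case and two rejected cases.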

fegge (author) commented Jun 26, 2026

Reopened from an upstream repository branch with DCO-signed commits so full CI can run: #1235

@fegge fegge closed this Jun 26, 2026


Development

Successfully merging this pull request may close these issues:

  • Wycheproof randomized signing vectors are not covered (#1219)