AlgoScan

CI: add GHA build+test multi-platform workflow

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.14.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

The ~769 KiB sigs_ct array was a non-static tentative definition, so
clang emitted it as a common symbol and ld64 requested 32 KiB alignment
for it, exceeding the 16 KiB segment maximum on arm64 macOS:

  ld: warning: reducing alignment of section __DATA,__common from
  0x8000 to 0x4000 because it exceeds segment maximum alignment

The array is only used in this file, so make it static, which places it
in __bss with ordinary alignment and avoids the warning.

Add a couple of small length checks when working with compressed
det1024 signatures, and tidy up the ordering of the bounds check in
falcon_det1024_verify_compressed. Mirrors the existing checks on both
the C and Go sides.

falcon_det1024_convert_compressed_to_ct only checked that comp_decode
succeeded, not that it consumed the entire signature, so a valid
compressed signature with arbitrary trailing bytes would still convert
to a valid CT signature. Enforce exact consumption, matching the check
falcon_verify applies to compressed signatures.

Add tests covering the rejection paths for signatures too short to
contain a header and salt version, and for signatures with trailing
bytes, in both Verify and ConvertToCT.