KAT-driven validation of the MQOM engine. For each variant, the upstream
KAT generator submits a 48-byte seed to the NIST CTR-DRBG, draws a
key-pair seed and per-signature randomness from it, and records (pk, sk,
sm = msg || sig). This test replays the DRBG and asserts byte-identity
with the recorded outputs.
The KAT files under core/src/test/data/pqc/crypto/mqom/kat/
contain a small prefix (first three entries) of the upstream
PQCsignKAT_*.rsp stream — enough to exercise the deterministic
pipeline without bulking up the test data tree.