ML-DSA: Assert signing empty span

[vcsjones]

The native shim for OpenSSL asserts that the msg parameter is not null:

runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_ml_dsa.c

Line 161 in 1b090a9

assert(msg);

However it can be null when signing an empty message, as ReadOnlySpan<byte>.Empty will marshal as NULL. This unit test reproduces it:

[Fact]
public static void MlDsaNullMessage()
{
    using MLDsa mldsa = MLDsa.GenerateKey(MLDsaAlgorithm.MLDsa44);
    byte[] signature = new byte[mldsa.Algorithm.SignatureSizeInBytes];
    _ = mldsa.SignData(ReadOnlySpan<byte>.Empty, signature);
}

The active test run was aborted. Reason: Test host process crashed : dotnet: /home/vcsjones/Projects/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_ml_dsa.c:81: int32_t CryptoNative_MLDsaSignPure(EVP_PKEY *, void *, uint8_t *, int32_t, uint8_t *, int32_t, uint8_t *, int32_t): Assertion `msg' failed.

The two ways to fix this are:

1. If EVP_PKEY_sign permits tbs to be NULL (as long as tbslen is 0) then we can relax the assert.
2. If EVP_PKEY_sign requires a non-NULL tbs, we can either handle that in the native shim (put an empty buffer on the stack), or use GetNonNullPinnableReference from the managed side.

Additionally, we should make sure context works correctly as well for "null-span" contexts, and that everything has proper unit test coverage. Verify should be tested as well.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.