ML-KEM: Change public API surface from API review

[vcsjones]

The reacts to the API changes made in #114453 (so far)

Diff:

- public void Decapsulate(ReadOnlySpan<byte> ciphertext, Span<byte> sharedSecret, out int sharedSecretBytesWritten);
- public byte[] Encapsulate(System.Span<byte> sharedSecret);
- Encapsulate(Span<byte> ciphertext, Span<byte> sharedSecret, out int ciphertextBytesWritten, out int sharedSecretBytesWritten);
- protected void ThrowIfDisposed();

- public byte[] Encapsulate(out byte[] sharedSecret);
+ public void Encapsulate(out byte[] ciphertext, out byte[] sharedSecret);

Contributes to #113508

[dotnet-issue-labeler]

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

[dotnet-issue-labeler]

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

[Copilot]

Pull Request Overview

This PR updates the public API for the ML-KEM implementation to reflect recent API review recommendations.

• Removed several overloads for Decapsulate and Encapsulate.
• Introduced a new signature for Encapsulate that returns both ciphertext and shared secret via out parameters.
• Updated tests across libraries to use the new API surface.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs	Updated public API signatures for ML-KEM.
src/libraries/Common/tests/System/Security/Cryptography/MLKemContractTests.cs	Removed tests for removed overloads; added tests for the new API.
src/libraries/Common/tests/System/Security/Cryptography/MLKemBaseTests.cs	Updated tests to align with the revised API, removing references to obsolete overloads.
src/libraries/Common/src/System/Security/Cryptography/MLKem.cs	Refactored implementation of Encapsulate and ThrowIfDisposed to support the new API.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.