Stabilize ML-DSA X.509 PKIs with published RFC 9881. #125834

Open
vcsjones wants to merge 1 commit into dotnet:main from vcsjones:ml-dsa-stabilize-x509
vcsjones commented Mar 20, 2026

Removes ExperimentalAttribute on:

  • PublicKey MLDsa members.
  • X509Certificate2 MLDsa members.
  • X509CertificateKeyAccessors MLDsa members.
  • SPKI and PKCS#8 members on MLDsa.

External-Mu and SignPreHash members on MLDsa remain Experimental.

Closes #125751

@dotnet-policy-service

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Copilot AI left a comment

Pull request overview

This PR stabilizes ML-DSA-related X.509 APIs by removing ExperimentalAttribute from the ML-DSA PKI surface area (PublicKey, X509Certificate2, certificate key accessor extensions, and ML-DSA SPKI/PKCS#8 import/export), aligning with the publication of RFC 9881. External-Mu and SignPreHash ML-DSA APIs remain experimental.

Changes:

  • Removed ExperimentalAttribute from ML-DSA members on PublicKey, X509Certificate2, and X509CertificateKeyAccessors.
  • Removed ExperimentalAttribute from ML-DSA SPKI and PKCS#8 import/export APIs (including encrypted PKCS#8 and PEM helpers) and updated reference assemblies accordingly.
  • Updated compatibility/apicompat suppression baselines and refreshed IETF test/vector references to RFC 9881.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs | Removes experimental markings from ML-DSA certificate key APIs. |
| src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs | Removes experimental markings from ML-DSA PublicKey ctor and key extraction API. |
| src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs | Updates public ref surface to reflect ML-DSA stabilization (SPKI/PKCS#8 + X509 APIs). |
| src/libraries/Microsoft.Bcl.Cryptography/src/System/Security/Cryptography/X509Certificates/X509CertificateKeyAccessors.cs | Removes experimental markings from ML-DSA extension APIs. |
| src/libraries/Microsoft.Bcl.Cryptography/src/CompatibilitySuppressions.xml | Adds package-validation suppressions for experimental-attribute deltas related to stabilization. |
| src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/MLDsa/MLDsaTestsData.Ietf.cs | Updates test-data source link to RFC 9881. |
| src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs | Removes experimental markings from ML-DSA SPKI/PKCS#8 import/export APIs. |
| src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyBothAsn.xml | Updates RFC reference and documents expanded key sizing for multiple parameter sets. |
| src/libraries/Common/src/System/Security/Cryptography/Asn1/MLDsaPrivateKeyAsn.xml | Updates RFC reference URL. |
| src/libraries/apicompat/ApiCompatBaseline.NetCoreAppLatestStable.xml | Adds apicompat suppressions for experimental-attribute removals between net10 and net11. |

Development

Successfully merging this pull request may close these issues.

Stabilize ML-DSA X.509 APIs
