Add missing header file (openssl/ml_kem.h) of OpenSSL 3.5

Reviewed by:	fluffy, ngie
Approved by:	ngie (maintainer)
Differential Revision:	https://reviews.freebsd.org/D56291

This change modifies the libcrypto PIC objects to always compile with
`-DOPENSSL_PIC -fPIC` to restore parity with the upstream build process.
This ensures that the legacy provider is built with parity to the
upstream legacy provider.

MFC after:              12 days
Tested with:		`make check` (legacy provider), `make universe`
Fixes:			14b9955e
Differential Revision:  https://reviews.freebsd.org/D44896

This change adds a simple smoke test for the legacy provider to ensure
that the provider doesn't break in the future when performing updates.

This is not a functional or system test; the OpenSSL test suite does a
much better job at doing this than we can.

MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D53045

This is a targeted effort to update the INCS and SRCS entries for
libcrypto, the legacy provider, and libssl to match what upstream
(OpenSSL) builds in their respective libraries.

The number of stylistic changes were kept at a minimum.

Another incoming change will reformat this file to make future
maintenance easier.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D52554

We need to build OpenSSL when bootstrapping certctl.  On MacOS
ktls_enable() isn't defined anywhere, so without this the build fails.
We don't need KTLS in the bootstrap library, so just disable it.

Reviewed by:	khorben, ngie
Differential Revision:	https://reviews.freebsd.org/D52341

For some packages (OpenSSL, Kerberos) we want to ship runtime libraries
in a separate package, e.g. openssl and openssl-lib.  Currently this is
done using PACKAGE=openssl-lib, but that creates packages with strange
names like openssl-lib-lib32.

Instead, add a new LIB_PACKAGE option to bsd.lib.mk that causes runtime
libraries to be placed in a new -lib subpackage.  This significantly
improves the set of packages we create; for example, OpenSSL goes from:

	FreeBSD-openssl
	FreeBSD-openssl-dbg
	FreeBSD-openssl-lib
	FreeBSD-openssl-lib-dbg
	FreeBSD-openssl-lib-dbg-lib32
	FreeBSD-openssl-lib-dev
	FreeBSD-openssl-lib-dev-lib32
	FreeBSD-openssl-lib-lib32
	FreeBSD-openssl-lib-man
	FreeBSD-openssl-man

to:

	FreeBSD-openssl
	FreeBSD-openssl-dbg
	FreeBSD-openssl-dbg-lib32
	FreeBSD-openssl-dev
	FreeBSD-openssl-dev-lib32
	FreeBSD-openssl-lib
	FreeBSD-openssl-lib32
	FreeBSD-openssl-man

While here, move /usr/bin/krb5-config and /usr/bin/compile_et into
the kerberos-dev package.

Reviewed by:	des
Differential Revision:	https://reviews.freebsd.org/D51925

Some platforms, like macOS, do not expose headers for the system's
libcrypto for public consumption.  libcrypto is relatively heavy and
needs to know, e.g., the host system's endianness, so we scope the build
down to macOS where OpenSSL headers are known to not be present and we
can be reasonably certain that most of the systems today that would be
cross-building are little endian.

We still don't bother if building WITHOUT_OPENSSL since the end result
is expected to be used by OpenSSL, but perhaps we could revisit that
independently in case one, e.g., brings their own implementation.

Reported by:	jrtc27
Reviewed by:	jrtc27, ngie
Fixes:	c340ef28fd38 ("certctl: Reimplement in C")
Differential Revision:	https://reviews.freebsd.org/D51935

Migrate to OpenSSL 3.5 in advance of FreeBSD 15.0. OpenSSL 3.0 will be
EOL after 2026-09-07.

Approved by:	philip (mentor)
Sponsored by:	Alpha-Omega Beach Cleaning Project
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D51613

Commit 1cbb58886a47 (shipped in 12.0.0) removed all lint infrastructure.
A bunch of NO_LINT definitions remained (perhaps as a bootstrapping
measture).  Remove them.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D50704

This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix