[configtls] Hybrid key exchange automatically applies in go version >= 1.24.0

[Geun-Oh]

Description

This PR adds automatic support for post-quantum hybrid key exchange (X25519MLKEM768) introduced in Go 1.24.0. When curve_preferences is not explicitly configured in TLS settings, the collector now automatically prioritizes X25519MLKEM768 for optimal security in non-FIPS builds compiled with Go 1.24+.

Key changes:

• Non-FIPS builds with Go 1.24+ automatically default to [X25519MLKEM768, X25519, P256, P384, P521] curve preferences
• FIPS builds continue to use only NIST P-curves [P256, P384, P521] (FIPS-compliant)
• Backward compatibility maintained for Go versions before 1.24.0 using constant 0x11EC
• Build tag-based separation between FIPS (curves_fips.go) and non-FIPS (curves_nofips.go) implementations

This enables post-quantum security by default without requiring any configuration changes, while maintaining full backward compatibility and FIPS compliance.

Link to tracking issue

Fixes #14335

Testing

• Added unit tests for default curve preferences (TestDefaultCurvePreferences)
• Added Go 1.24+ validation test (TestX25519MLKEM768Value) to ensure constant 0x11EC matches tls.X25519MLKEM768
• Updated existing curve preference tests to handle X25519MLKEM768
• Verified FIPS and non-FIPS builds compile and test correctly
• Confirmed backward compatibility with Go versions before 1.24.0

All tests pass for both FIPS and non-FIPS build configurations.

Documentation

• Updated README.md to document automatic post-quantum security when curve_preferences is not configured
• Added explanation of X25519MLKEM768 and its post-quantum hybrid key exchange capabilities
• Documented default curve preference order for both FIPS and non-FIPS builds
• Added examples showing how to explicitly configure X25519MLKEM768 if desired

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: Geun-Oh / name: Hyeonggeun Oh (16234b8, 4c11ee1, 71da754, 902834e, 9e110ad, 9e4cf77, 9ee9764, 9fbff2c, c2d390d)

[Brent-Durham]

Why are you breaking convention?

[atoulme]

that's the same set as tlsCurveTypes right above

[atoulme]

There is no need to specify go versions, we only support supported Go versions, and 1.24 is the oldstable version now.

I don't understand why you're making those changes as this is doable right now by way of configuration. Why should X25519MLKEM768 be offered always? Can you reduce your diff to avoid touching anything related to FIPS?

[Brent-Durham]

Agreed. NIST SP800-140D lists the approved kems. Hybrid is not on the list. THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

[Geun-Oh]

Agree with that. So It means that it's okay to done with avoid double checking..?

It seems that I misunderstood what @Brent-Durham wants.

Maybe it will be good to close this and re-open with new pr if there are remain fixing things.

[Geun-Oh]

If X25519MLKEM768 doesn't needed to provided in default, I'll close it and finish this issue.
Or It would be great to add test & docs of X25519MLKEM768?

[atoulme]

Does it need to be provided by default? Can you make a case for it?