[Feature] Utilize and Implement PQ-encryption methods

[teward]

With various policies at NIST and government levels in place, by 2030 all PKI utilized by the government and civilian industry sectors under those standards will need to implement Post-Quantum Encryption and Signature Methods.

Currently, it is my understanding these signature algorithms are available with OpenSSL 3.5 (which is available in Debian Testing and Unstable and Experimental, and is in Ubuntu 25.10 and will be in 26.04).

Additionally, it is suggested by current post-quantum transitions ahead of a cryptographically-significant quantum computer being available to use composite signatures as an option, so legacy items can still use generated certificates while newer signature algorithms are also accepted, as part of this transition.

Does XCA support these signature algos when built against a version of OpenSSL 3.5 which contains the post-quantum encryption and signature algorithms, and if not can we get it implemented?

Additionally, can we implement hybrid/composite signatures so both post-quantum and current signature algos can be used at the same time?