Copy from upstream (Kyber), add pqcrystals-* licenses to README

[bhess]

• Pulls latest Kyber commit from upstream (pqcrystals)
• Updates readme with pqcrystals license information (CC0 or Apache-2.0)

Fixes #1402

• Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
• Does this PR change the the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in oqs-provider, OQS-OpenSSL, OQS-BoringSSL, and OQS-OpenSSH will also need to be ready for review and merge by the time this is merged.)

[baentsch]

Is the term "...or..." between the licenses correct/sensible? I'm not a lawyer, but those guys could understand "or" to mean "the stricter of the two". What's your (lawyer's) take, @beldmit as you raised the issue in #1388? Does this resolve the "CC0" problem for Fedora? Is it OK we still only have CC0 for ARM?

[baentsch]

As this change presumably gives OQS more legal freedom & wider acceptance, good for me too. Will merge early next week if no objections heard by @beldmit.

[beldmit]

Thank you very much! It's a significant step forward!

[baentsch]

Thank you very much! It's a significant step forward!

Re-reviewing things I wonder whether there's now a mismatch between upstream repo and liboqs wrt Dilithium: @bhess you manually changed the README for Dilithium, but the copy_from_upstream didn't modify the algorithm documentation, so this PR now introduces conflicting license statements (between https://github.com/open-quantum-safe/liboqs/tree/bhe-crystallic#license and https://github.com/open-quantum-safe/liboqs/blob/bhe-crystallic/docs/algorithms/sig/dilithium.md ): Is that truly intentional?

[bhess]

@bhess you manually changed the README for Dilithium, but the copy_from_upstream didn't modify the algorithm documentation, so this PR now introduces conflicting license statements (between https://github.com/open-quantum-safe/liboqs/tree/bhe-crystallic#license and https://github.com/open-quantum-safe/liboqs/blob/bhe-crystallic/docs/algorithms/sig/dilithium.md ): Is that truly intentional?

Oh I missed to update the algorithm documentation yml/md for both Dilithium and Kyber, will add it with a commit. Thanks for noticing.
Dilithium didn't need to be updated since the dual license was already added the last time we pulled from upstream, but copy_from_upstream doesn't update license identifiers.