NIST Draft version of Kyber and Dilithium; remove divisions by KYBER_Q

[mkannwischer]

This PR brings three changes from upstream:

• Update the Kyber and Dilithium implementations to be compatible with the 'standard'-branches of the official repositories
• Eliminate the code in Kyber (poly_tomsg, poly_compress, polyvec_compress) that results in variable-time division instructions for certain compilers with certain build flags (see https://github.com/PQClean/PQClean/pull/534)
• Update SPHINCS+ to only include the parameters selected by NIST

I made the according changes in the M4-optimized implementations as well:

• Remove Kyber-90s as it won't be standardized
• Make all necessary changes to Kyber and Dilithium to pass the testvectors
• Eliminate the code that may result in divisions in all functions based on poly_tomsg, poly_compress, polyvec_compress
• Include a compat.h file to allow SPHINCS+ to build again

Maybe this is a good moment to re-run all benchmarks, @rpls? Quite a few schemes are no longer existing.

[mkannwischer]

@PRASANNA-RAVI, do you mind to double-check if I eliminated all problematic instances of /KYBER_Q?

[rpls]

I'll do the benchmarks in a separate PR. The skiplist also needs updating.