Support multiple Falcon signature formats

[SWilson4]

The current (20211101) version of Falcon supports three different signature formats. Currently, we intend to support the "padded" format, which has fixed-length signatures. (As of writing, we don't actually do that and neither does PQClean: see #1561 and PQClean/PQClean#523.) It would be nice to support both "compressed" and "padded" formats in liboqs, and possibly the "constant time" format as well.

More detail on formatting from the Falcon reference implementation:

127 * There are three formats for signatures:
128 *
129 * - COMPRESSED: this is the default format, which yields the shortest
130 * signatures on average. However, the size is variable (see below)
131 * though within a limited range.
132 *
133 * - PADDED: this is the compressed format, but with extra padding bytes
134 * to obtain a fixed size known at compile-time. The size depends only
135 * on the degree; the FALCON_SIG_PADDED_SIZE macro computes it. The
136 * signature process enforces that size by restarting the process
137 * until an appropriate size is obtained (such restarts are uncommon
138 * enough that the computational overhead is negligible).
139 *
140 * - CT: this is a fixed-size format, which furthermore allows
141 * constant-time processing with regard to the signature value and
142 * message data. This is meant for uncommon situations in which
143 * the signed data is secret but of low entropy, and the public key
144 * is not actually public. The CT format is larger than the
145 * COMPRESSED and PADDED formats.

[baentsch]

This is still tagged for 0.10.0 milestone -- but I think we should either close (if we don't intend to add CT format, too?) or move to another milestone (if we do). I'm fine either way, so please do as you see fit, @SWilson4 .

[SWilson4]

Fixed (to the extent that we intend to support Falcon formats) by #1710.