Improve algorithm versioning

[baentsch]

A downstream discussion highlighted the fact that OQS does not have a solid and controlled approach to versioning algorithms, but simply adopts the upstream versioning information. If that versioning is not properly managed, e.g., when a KAT-breaking change is not getting properly assigned a new version, liboqs and dependent code inherits this error and accordingly, if not manually curated, make it impossible to tell functionally different code bases apart in binary distributions.

This issue is to suggest this gets improved.

An initial proposal is to prefix all upstream version information within liboqswith the source's short github id, e.g., "pqclean-abcdef01-...".

Further proposals welcome.

[bhess]

This concerns the alg_version fields in the OQS_SIG/OQS_KEM structs, right?

What about a proposal to add an additional field such as:

• alg_version: algorithm specification version -> expect KAT-breaking changes if updated
• upstream_version: upstream commit id or code package hash -> tracks code version, not necessarily KAT-breaking if updated

This would be easier to parse than the prefixing-approach.