Add support for curve25519-sha256 key exchange method

[scott-xu]

This PR adds support for curve25519-sha2 key exchange method described by https://datatracker.ietf.org/doc/html/rfc8731

Close #307

[scott-xu]

The CI action is awaiting approval @tmds

[tmds]

@scott-xu looks good! I'd like to share some code with the ECDHKeyExchange class by adding a base KeyExchange class. I'm going to highlight the regions of code that I think can be in the base class.

[scott-xu]

That's exactly what I'm doing right now and is the reason why I convert it back to Draft.

[scott-xu]

I got some challenges when I try to put most logics in the base KeyExchange class and let derived class implement the difference.
For example, I tried to abstract ReadServerExchangeValue method and put the implementation in derived class. However it doesn't work because below reader is ref struct.

var reader = packet.GetReader();
reader.ReadMessageId(MessageId.SSH_MSG_KEX_ECDH_REPLY);
SshKey public_host_key = reader.ReadSshKey();
ReadServerExchangeValue(reader);
ReadOnlySequence<byte> exchange_hash_signature = reader.ReadStringAsBytes();
reader.ReadEnd();
return (
    public_host_key,
    exchange_hash_signature);

protected override void ReadServerExchangeValue(SequenceReader reader)
{
    q_s = reader.ReadStringAsECPoint();
}

[tmds]

I got some challenges when I try to put most logics in the base KeyExchange class and let derived class implement the difference.

I don't want to try and split the key exchange in several abstract methods that a derived class then implements because of these challenges.

I would like to focus on the sections of code I commented on and let each derived class use them in their TryExchangeAsync implementation by calling the base class method.

[scott-xu]

Might be good to use another PR for sntrup761x25519sha512 and mlkem768x25519sha256

[tmds]

@scott-xu, thank you for implementing curve25519-sha256 support!