Implement getting keys from ML-DSA (and SLH-DSA eventually) certificates

[Jakuje]

We have logic that allows exporting public keys from certificates on tokens. Its implemented for classical keys, but not for ML-DSA (and we miss test coverage).

Out of scope of this PR, but here we should handle the ML-DSA and SLH-DSA certificates here when ready. What tests are using this code path? I though we have already the ML-DSA support for certificates and export already.

Originally posted by @Jakuje in #649 (comment)

[simo5]

Need to ensure certificate matching will also be handled when this is done.