Add ROCm PQC TrustFlow KEM and signature example

[firedoil]

Motivation

This PR adds a ROCm/HIP post-quantum cryptography application example under Applications/pqc_trustflow_rocm.

The example targets two innovation-development goals:

1. Development of currently unsupported functions:

   • ROCm/HIP batch KEM API for Kyber/Aigis-enc.
   • ROCm/HIP batch signature API for ML-DSA/Aigis-sig.
   • File-level KEM/signature command-line APIs.
   • TrustFlow frontend integration for multi-file secure packaging.

2. Performance bottleneck localization and optimization:

   • ROCm profiling and tuning scripts.
   • KEM TPB, launch-bound, and buffer-reuse optimization records.
   • Signature resource-aware decomp pipeline and feature-matrix candidates.
   • Quantified evidence summaries and conservative optimization decisions.

Technical Details

This PR adds a new application example:

Applications/pqc_trustflow_rocm

The example is organized into two parts:

• 01_unsupported_feature_rocm_pqc_api/

  • KEM ROCm/HIP backend and file-level API.
  • Signature ROCm/HIP backend and file-level API.
  • TrustFlow frontend integration.
  • API and quick-start documentation.

• 02_performance_bottleneck_rocm_optimization/

  • KEM profiling/tuning scripts.
  • Signature feature-matrix and resource-aware optimization scripts.
  • Evidence summaries for bottleneck attribution and optimization results.

Generated binaries, caches, secret files, temporary outputs, and large logs are intentionally excluded.

Test Plan

The example provides smoke-test and profiling entry points:

KEM correctness smoke test:

cd Applications/pqc_trustflow_rocm/01_unsupported_feature_rocm_pqc_api/kem_api
bash build_hip.sh kyber768
bash run_kem_smoke_amd.sh

Test Result

Recorded evidence shows:
KEM correctness smoke tests pass.
Signature policy smoke tests pass.
Kyber-768 profiling identifies the sample/XOF/rejection-sampling stage as the dominant bottleneck.
Kyber-768 encaps throughput improves from about 6.00M ops/s to about 7.10M ops/s after launch-bound tuning.
Signature feature-matrix results show local wins from cp_fuse, wave64_ctrl, tail16, and adaptive candidates, while the stable default keeps the resource-aware decomp pipeline to avoid regressions.

Added/Updated documentation?

• Yes
• No, does not apply to this PR.

Included Visual Studio files?

• Yes
• No, does not apply to this PR.

Submission Checklist

• New examples contain proper CMake and Make files.
• I have updated relevant CI workflows and the new examples are being built and tested in CI.
• Check and guard against unsupported ASICs if relevant dependent libraries have limited support.
• Look over the contributing guidelines at https://github.com/ROCm/ROCm/blob/develop/CONTRIBUTING.md#pull-requests.