security/strongswan: Enable ML plugin by default to allow Post-Quantum Key Exchange Methods
Currently ML-DSA (used for Digital Signatures) is a draft in strongswan
(ETA Version 6.1.0 or later). So CNSA 2.0 cannot be fully supported yet.
https://linux-ipsec.org/slides/2025/steffen-pqc-auth-for-ikev2.pdf
But most firewalls (Palo Alto / Fortigate) already support ML-KEM Key
Exchange in addition to standard proposals.
E.g. aes128gcm16-ecp256-ke1_mlkem512.
More details:
https://docs.strongswan.org/docs/latest/config/proposals.html
PR: 294305
Approved by: strongswan@Nanoteq.com (maintainer, timeout 2 weeks)
Sponsored by: UNIS Labs