Move dk to Tests in ML-KEM ACVP (#2867)

### Description of changes: 
NIST moved the private key in the ML-KEM decapsulation tests from the
group to the individual tests. Upstream BoringSSL has a similar change
here:  google/boringssl@f12962c.

### Call-outs:
This will be cherry-picked over to FIPS branch once in main.

### Testing:
Updated ACVP tests

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

Author: samuel40791765

util/fipstools/acvp/acvptool/subprocess/ml_kem.go

@@ -98,10 +98,10 @@ type mlKemEncapDecapTestGroup struct {
 	Type         string               `json:"testType"`
 	ParameterSet string               `json:"parameterSet"`
 	Function     string               `json:"function"`
-	DK           hexEncodedByteString `json:"dk"`
 	Tests        []struct {
 		ID uint64               `json:"tcId"`
 		EK hexEncodedByteString `json:"ek"`
+		DK hexEncodedByteString `json:"dk"`
 		M  hexEncodedByteString `json:"m"`
 		C  hexEncodedByteString `json:"c"`
 	}
@@ -147,7 +147,7 @@ func processMlKemEncapDecap(vectors json.RawMessage, m Transactable) (interface{
 			case strings.EqualFold(group.Function, "encapsulation"):
 				testResponse, err = processMlKemEncapTestCase(test.ID, group.ParameterSet, test.EK, test.M, m)
 			case strings.EqualFold(group.Function, "decapsulation"):
-				testResponse, err = processMlKemDecapTestCase(test.ID, group.ParameterSet, group.DK, test.C, m)
+				testResponse, err = processMlKemDecapTestCase(test.ID, group.ParameterSet, test.DK, test.C, m)
 			default:
 				return nil, fmt.Errorf("unknown encDecap function: %v", group.Function)
 			}