Add Security Mode Reject lib/unit test and adopt in stack

This MR is adding the library for the NAS Security Mode Reject, and relevant unit test.

The UE shall send a SECURITY MODE REJECT containing a 5GMM cause that typically indicates one of the following cause values: (23) UE security capabilities mismatch. (24) security mode rejected, unspecified

• The message shall be protected if a security context is available.
• The message is adopted in the handling of Security Mode Command failure.

See 3GPP TS 24.501 5.4.2.5 "NAS security mode command not accepted by the UE".

This MR is including changes from !3262 (closed):

This patch series addresses a security issue where the UE improperly accepts a Security Mode Command (SMC) without an authentication header (Security Header 0). This behavior violates TS 24.501 and enables an attacker to bypass authentication, set integrity protection to NULL (NIA0), and reconfigure the UE without proper verification.

We identified the following issues:

1. The UE currently accepts unauthenticated SMC messages, even allowing NIA0 and EIA0 to be set outside emergency mode.
2. When applying NIA0, the MAC field remains uninitialized, consistently containing the sequence 0xFF3F0000, making it feasible to bypass authentication and enforce insecure configurations.
3. The UE does not properly signal security mode failures to the Core Network.

This patch series tries to address the above-mentioned issues:

1. Reject unauthenticated SMC messages, enforcing the requirement that they must be integrity-protected.
2. Validate MAC before applying security settings, ensuring that only authenticated messages are accepted.
3. Tear down the security context if an integrity check fails.
4. Introduce the Security Mode Reject message to inform the Core Network of failed SMC procedures, as required by TS 24.501.