Fix uninitialized EVP_MD_CTX and harden bn_dup_into

[justsmth]

Description of changes:

In rsa_key_fips_pairwise_consistency_test_signing, md_ctx was used uninitialized if EVP_PKEY_new or EVP_PKEY_set1_RSA failed before EVP_MD_CTX_init was reached. The cleanup path would then call EVP_MD_CTX_cleanse on garbage stack data. Move the init to immediately after declaration so all goto paths are safe.

Also add an aliasing guard to bn_dup_into to prevent a use-after-free if *dst and src ever point to the same BIGNUM, and remove a dead variable left over from refactoring in RSA_check_fips.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

[github-actions]

clang-tidy made some suggestions

[codecov-commenter]

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 78.35%. Comparing base (0628190) to head (330f4d3).

Files with missing lines	Patch %	Lines
crypto/fipsmodule/rsa/rsa.c	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3033      +/-   ##
==========================================
- Coverage   78.35%   78.35%   -0.01%     
==========================================
  Files         689      689              
  Lines      121010   121010              
  Branches    16992    16993       +1     
==========================================
- Hits        94813    94812       -1     
- Misses      25302    25303       +1     
  Partials      895      895              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.