Drop hard-coded gitlab-sshd algorithms in config

What does this MR do?

Now that gitlab-org/gitlab-shell!1315 has been merged, we allow gitlab-sshd to use the default supported algorithms. This adds some newer, stronger key exchange algorithms while dropping diffie-hellman-group14-sha1, which has been dropped in OpenSSH 10 and not used by most clients.

For FIPS, this disables elliptic curve key exchanges and other algorithms by default.

Related issues

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/561537

Author checklist

For general guidance, please follow our Contributing guide.

How to validate locally

1. Enable gitlab-sshd and use the FIPS build:

   ```yaml
   gitlab:
     gitlab-shell:
       image:
         pullPolicy: Always
         tag: main-fips
       sshDaemon: gitlab-sshd
   ```

2. SSH into the system with an EC algorithm:

   ```shell
   ssh -o KexAlgorithms=curve25519-sha256 git@gitlab.example.com
   ```

3. This should report:

   ```
   Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,kex-strict-s-v00@openssh.com
   ```

This should work fine with tag: main.
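To turn the manual check above into something repeatable, here is an added helper (not gitlab-shell or GitLab code) that parses the client's "Their offer:" list and checks it against what this MR expects: no SHA-1 DH exchange anywhere, and no Curve25519 exchange on the FIPS build. It assumes the NIST P-curve ECDH exchanges remain acceptable under FIPS, since the expected output above still lists them; the sample lines are constructed.

```python
import re

# Added audit helper (not gitlab-shell code): classify the key-exchange list a
# server advertises, as echoed back in the OpenSSH client's negotiation-failure
# message, against the expectations described in this MR.
OFFER_RE = re.compile(r"Their offer:\s*(?P<offer>\S+)")

# SHA-1 DH exchanges: no longer expected once gitlab-sshd uses library defaults.
LEGACY_KEX = {
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
}
# Curve25519-based exchanges the FIPS build is expected to refuse. NIST P-curve
# ECDH (ecdh-sha2-nistp*) stays in the FIPS offer per the MR's expected output
# (assumption of this example).
X25519_KEX = {"curve25519-sha256", "curve25519-sha256@libssh.org"}
# Extension markers that travel in the KEX list but are not algorithms.
KEX_MARKERS = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com",
               "ext-info-s", "ext-info-c"}

def parse_offer(line):
    """Return the peer's KEX names from a 'no matching key exchange' line, or None."""
    m = OFFER_RE.search(line)
    return m.group("offer").split(",") if m else None

def audit_kex_offer(line, fips=False):
    """Check a server's advertised KEX list.

    Returns a dict with the algorithms offered (markers stripped), any legacy
    SHA-1 exchanges, any Curve25519 exchanges, and 'ok' when the offer matches
    the policy: no legacy exchanges ever, and no Curve25519 when fips=True."""
    offered = parse_offer(line)
    if offered is None:
        raise ValueError("line carries no 'Their offer:' list")
    algs = [a for a in offered if a and a not in KEX_MARKERS]
    legacy = sorted(a for a in algs if a in LEGACY_KEX)
    x25519 = sorted(a for a in algs if a in X25519_KEX)
    ok = not legacy and not (fips and x25519)
    return {"offered": algs, "legacy": legacy, "x25519": x25519, "ok": ok}

# Constructed sample lines: the first is the expected FIPS output from the MR,
# the second imitates a server still offering diffie-hellman-group14-sha1.
FIPS_LINE = ("Unable to negotiate with x.x.x.x port 22: no matching key exchange "
             "method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
             "kex-strict-s-v00@openssh.com")
LEGACY_LINE = ("Unable to negotiate with x.x.x.x port 22: no matching key exchange "
               "method found. Their offer: curve25519-sha256,"
               "diffie-hellman-group14-sha1,kex-strict-s-v00@openssh.com")

if __name__ == "__main__":
    for name, line in (("fips", FIPS_LINE), ("legacy", LEGACY_LINE)):
        print(name, audit_kex_offer(line, fips=(name == "fips")))
```

Feed it the stderr of the `ssh -o KexAlgorithms=...` command from the validation steps; a server that still accepts the connection produces no such line, which the function reports by raising.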

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

  • Merge Request Title and Description are up to date, accurate, and descriptive.
  • MR targeting the appropriate branch.
  • MR has a green pipeline.
  • Documentation created/updated.
  • Tests added/updated, and test plan for scenarios not covered by automated tests.
  • Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

Edited by Stan Hu
