
Add ability to allow only deploy keys in AuthorizedKeysCommand

What does this MR do?

This is a follow-up to !19911 (merged). Now (as discussed in the commit message) administrators can forbid non-deploy keys; this is useful in combination with SSH certificates. See gitlab-shell!220 (closed) for the gitlab-shell MR.

Are there points in the code the reviewer needs to double check?

I still don't have any tests for this. Thought I'd submit this sooner rather than later for feedback on what I have already.

Adding those was easier than expected; both this MR and the gitlab-shell MR have tests now.

Why was this MR needed?

A common use-case with SSH certificates is to ensure that only a whitelist of user keys with certs are used on the instance (not issued by the user, but by a central SSH key issuer). Users being able to have their manually uploaded keys used in such a setup bypasses the security policy.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #49218 (moved)

Edited by Nick Thomas
