gitlab-sshd: Add support for configuring host certificates

Stan Hu requested to merge sh-sshd-add-host-cert-support into main

This adds support for specifying host certificates via the host_cert_files option and advertises the signed key to the client. This acts similarly to OpenSSH's HostCertificate parameter: gitlab-sshd attempts to match a host key to its certificate, and then substitutes the matching host key with a certificate signed by a trusted certificate authority's key.

This is the first requirement for supporting SSH certificates. This will enable the client to trust the server if both trust a common certificate authority. The TrustedUserCAKeys option will need to be supported later for the server to trust all user keys signed by this certificate authority.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/495

More info: https://gitlab.com/gitlab-org/gitlab-shell/-/issues/495#note_988003851

How to test locally

https://berndbausch.medium.com/ssh-certificates-a45bdcdfac39 is a good overview. Follow the steps to generate a host certificate and plug this cert into host_cert_files.

On the client, you can see this certificate presented via ssh -v git@localhost -p 2222:

debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:xbXxr87ITmpGg4+W3x/hZfIRMKKQFxW4NgxMeY4RJJw, serial 0 ID "localhost-rsa" CA ssh-rsa SHA256:DXVEdP9B/0SEU4b/4wcHO0DuKCQtZxcGVxRVbdbTOGE valid from 2022-06-11T00:23:00 to 2038-01-18T19:14:07
Edited by Stan Hu
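
A pre-flight check for the matching step described above, as an added example that is not part of this merge request or of gitlab-shell: before a certificate goes into host_cert_files, confirm that it is a host certificate (type 2, not a user certificate) and find which configured host key it certifies. It handles ed25519 certificates only and does not verify the CA signature; the function names are hypothetical and the sample lines are constructed, unsigned stand-ins for real *.pub and *-cert.pub files.

```python
import base64
import struct

CERT_NAME = b"ssh-ed25519-cert-v01@openssh.com"
HOST_CERT = 2  # certificate type: 1 = user, 2 = host (OpenSSH PROTOCOL.certkeys)

def wire(s: bytes) -> bytes:
    """Encode one SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(s)) + s

def read_string(buf: bytes, off: int):
    """Return (string, next offset); raise ValueError if the buffer is short."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def parse_cert(cert_line: str):
    """From a *-cert.pub line return (certified public key blob, cert type)."""
    blob = base64.b64decode(cert_line.split()[1])
    name, off = read_string(blob, 0)
    if name != CERT_NAME:
        raise ValueError("only ed25519 certificates are handled in this sketch")
    _nonce, off = read_string(blob, off)
    pk, off = read_string(blob, off)
    if off + 12 > len(blob):
        raise ValueError("truncated certificate")
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    return wire(b"ssh-ed25519") + wire(pk), cert_type

def match_host_cert(host_keys: dict, cert_line: str) -> str:
    """Return the name of the host key this certificate certifies."""
    key_blob, cert_type = parse_cert(cert_line)
    if cert_type != HOST_CERT:
        raise ValueError("not a host certificate (was it signed with -h?)")
    for name, pub_line in host_keys.items():
        if base64.b64decode(pub_line.split()[1]) == key_blob:
            return name
    raise LookupError("no configured host key matches this certificate")

def sample_lines(pk: bytes, cert_type: int):
    """Constructed (public key line, cert line): leading cert fields only, unsigned."""
    body = wire(CERT_NAME) + wire(bytes(32)) + wire(pk) + struct.pack(">QI", 0, cert_type)
    pub = base64.b64encode(wire(b"ssh-ed25519") + wire(pk)).decode()
    return "ssh-ed25519 " + pub, CERT_NAME.decode() + " " + base64.b64encode(body).decode()

if __name__ == "__main__":
    pub_a, _ = sample_lines(b"\xa1" * 32, HOST_CERT)
    pub_b, cert_b = sample_lines(b"\xb2" * 32, HOST_CERT)
    print(match_host_cert({"host_a": pub_a, "host_b": pub_b}, cert_b))
```

With real files, pass the single line from each host key's .pub file and the line from the -cert.pub file that ssh-keygen wrote.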