
Add support for ssh certificates

GitLab currently requires that SSH keys it uses be uploaded to its database. In organizations that rely on temporary SSH keys/certificates for authentication this is suboptimal. At Booking.com we had a daemon to listen to LDAP for sshPublicKey changes, which would then upload the new key via the API. This setup was very fragile and a special snowflake in our infrastructure.

This series of patches improves gitlab-shell so that it can take either a user-ID argument or a username-NAME argument, in addition to its current key-ID argument. As discussed in the second patch this allows for using standard OpenSSH features to authenticate purely via SSH certificates, with no need to upload any keys to GitLab's database.

We are already running this at Booking.com; we have a complex setup with thousands of users and hundreds of deploy keys, and no issues so far. I have not run this exact version yet, but rather what's sitting in user-argument/upstream. This is rebased on master with a trivial merge conflict solved; I'm 99.9% confident that it'll work just fine (but I don't have the setup to test it).

As noted in the commits, these changes also require new internal APIs in gitlab-ce. I'm currently waiting for CI on that and will submit it shortly, and will link to that PR here. Here is that gitlab-ce MR

There was an open issue for this already, which this resolves: https://gitlab.com/gitlab-org/gitlab-ce/issues/34572

Edited by 🤖 GitLab Bot 🤖
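The description above says the new username-NAME argument lets standard OpenSSH certificate features do the authentication, with no key in GitLab's database. The script below is an added example of the sshd side of that, not code from this merge request or from gitlab-shell: an AuthorizedPrincipalsCommand helper that turns the certificate's key ID into an authorized_principals entry forcing the session through gitlab-shell with a username-NAME argument. The install path /opt/gitlab-shell/bin/gitlab-shell, the CA file name, and the convention that the CA issues certificates whose key ID equals the GitLab username are assumptions; TrustedUserCAKeys, AuthorizedPrincipalsCommand and the %i token are real sshd_config features.

```shell
#!/bin/sh
# Added example: hypothetical AuthorizedPrincipalsCommand helper for gitlab-shell.
# Not part of gitlab-shell; paths and the key-ID convention are assumptions.
#
# Assumed sshd_config on the GitLab host:
#   TrustedUserCAKeys /etc/ssh/gitlab_user_ca.pub
#   AuthorizedPrincipalsCommand /opt/gitlab-shell/bin/gitlab-principals %i
#   AuthorizedPrincipalsCommandUser nobody
#
# sshd replaces %i with the certificate's key ID. This example assumes the CA
# signs user keys with the GitLab username as both key ID and principal, e.g.:
#   ssh-keygen -s /etc/ssh/gitlab_user_ca -I alice -n alice -V +8h id_ed25519.pub
# so "ssh git@gitlab" presents a certificate whose key ID is "alice".

GITLAB_SHELL=/opt/gitlab-shell/bin/gitlab-shell   # assumed install path
OPTIONS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# valid_username NAME: the key ID is attacker-chosen text as far as sshd is
# concerned (it is whatever the CA put in the cert), and it is interpolated
# into a quoted command="..." string, so accept only characters that cannot
# close that string or smuggle options. Empty names and leading dashes are
# rejected as well, so the value can never be mistaken for an option.
valid_username() {
    case "$1" in
        '')                 return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
        -*)                 return 1 ;;
        *)                  return 0 ;;
    esac
}

# principals_line NAME: print one authorized_principals entry that allows the
# principal NAME and forces every session for it through
# "gitlab-shell username-NAME". Prints nothing and fails on an invalid name,
# and an empty AuthorizedPrincipalsCommand output means sshd denies the login.
principals_line() {
    valid_username "$1" || return 1
    printf 'command="%s username-%s",%s %s\n' "$GITLAB_SHELL" "$1" "$OPTIONS" "$1"
}

# When sshd invokes the script, the key ID arrives as the first argument.
[ $# -eq 0 ] || principals_line "$1"
```

Because the forced command only carries the username, gitlab-shell still decides what that user may do; the certificate's validity window and the CA's revocation list (RevokedKeys in sshd_config) are what replace deleting a key from GitLab's database.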
