ssh_keys docs example should warn about ssh-keyscan being insecure against mitm
Problem to solve
https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/ci/ssh_keys/README.md mentions that ssh hostkeys should be verified "run the ssh-keyscan command from a trusted network". The example before_script: at the bottom should state clearly that uncommenting the ssh-keyscan there, i.e. running it on the gitlab runner, amounts to not checking the key at all.
Further details
Proposal
Update the comment in the code, and on https://gitlab.com/gitlab-examples/ssh-private-key/ too.