Enhance controls on permitted SSH keys to take FIPS requirements into account
Proposal
GitLab includes support for placing restrictions on types and strengths of SSH keys used by clients: https://docs.gitlab.com/ee/security/ssh_keys_restrictions.html#restrict-allowed-ssh-key-technologies-and-minimum-length
Only some of the possible configurations are FIPS-compliant; e.g., DSA keys are absolutely not supported under FIPS.
The OpenSSH server (or gitlab-sshd) can be configured to reject forbidden keys at that level, but we should probably also have a "FIPS mode" for this configuration that enables only those keys and strengths that are permitted. This will give users better feedback (adding the keys to the instance will be forbidden), and remove a dependency on an external component when it comes to enforcing compliance.
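A sketch of the add-time check the proposal describes, as an added example that is not GitLab's code: it parses an OpenSSH public key line and rejects it before it is stored. The policy table is an assumption apart from the DSA ban stated above, and `check_key`, `ssh_fields`, `mpint` and `sample_key` are hypothetical names; the sample keys are constructed blobs, not real key material.

```ruby
# Assumed policy for illustration. Only the DSA ban comes from the page; take
# real values from your validated module. Types not listed are rejected.
ASSUMED_FIPS_POLICY = {
  "ssh-rsa" => 2048, # assumed minimum modulus size in bits
  "ecdsa-sha2-nistp256" => true, "ecdsa-sha2-nistp384" => true,
  "ecdsa-sha2-nistp521" => true
}.freeze

# Split a key blob into its length-prefixed fields (RFC 4253 "string").
def ssh_fields(blob)
  fields = []
  until blob.empty?
    len = blob.unpack1("N")
    raise ArgumentError, "truncated blob" if len.nil? || blob.bytesize < 4 + len
    fields << blob.byteslice(4, len)
    blob = blob.byteslice(4 + len, blob.bytesize)
  end
  fields
end

# Returns [allowed, reason] for one "type base64 comment" public key line.
def check_key(line, policy = ASSUMED_FIPS_POLICY)
  type, b64 = line.split(" ", 3)
  fields = ssh_fields(b64.to_s.unpack1("m0")) # strict base64 decode
  # The blob, not the text label, is what sshd evaluates, so they must agree.
  return [false, "declared type does not match key blob"] unless fields.first == type
  rule = policy[type]
  return [false, "#{type} keys are not permitted"] unless rule
  if rule.is_a?(Integer)
    bits = fields[2].to_s.unpack1("H*").to_i(16).bit_length # RSA modulus n
    return [false, "#{bits}-bit key is below the #{rule}-bit minimum"] if bits < rule
  end
  [true, "ok"]
rescue ArgumentError => e
  [false, "malformed key: #{e.message}"]
end

# Builders for constructed sample keys: well-formed blobs, not real keys.
def mpint(n)
  hex = n.to_s(16)
  hex = "0#{hex}" if hex.size.odd?
  hex = "00#{hex}" if hex[0].to_i(16) >= 8 # leading zero keeps it positive
  [hex].pack("H*")
end

def sample_key(type, *fields)
  blob = [type, *fields].map { |f| [f.bytesize].pack("N") + f.b }.join
  "#{type} #{[blob].pack('m0')} constructed@example"
end
```

Running the same check when a key is added and again at SSH authentication keeps the user-facing error and the enforcement point consistent.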