pki: ssh_key_hash_from_name() silently returns SSH_DIGEST_AUTO on unknown input
Summary
ssh_key_hash_from_name() in src/pki.c returns SSH_DIGEST_AUTO when called with a NULL or unknown algorithm name, instead of signaling an error. This masks invalid input to callers.
Problem
The function has two TODOs acknowledging this:
```c
if (name == NULL) {
    /* TODO we should rather fail */
    return SSH_DIGEST_AUTO;
}
...
/* TODO we should rather fail */
return SSH_DIGEST_AUTO;
```
Both callers (pki.c:2903 and wrapper.c:584) use the return value without checking whether it is valid, meaning an unknown algorithm name silently results in SSH_DIGEST_AUTO being used downstream.
The root cause is that enum ssh_digest_e has no dedicated error value — SSH_DIGEST_AUTO=0 serves both as "auto-detect" and as the implicit zero/default value, making it impossible to distinguish a valid AUTO from a failed lookup.
Proposed Fix
- Add SSH_DIGEST_UNKNOWN to enum ssh_digest_e
- Return SSH_DIGEST_UNKNOWN for NULL or unrecognized input in ssh_key_hash_from_name()
- Update both callers to handle SSH_DIGEST_UNKNOWN as an error
Impact
Low risk — touches only ssh_key_hash_from_name() and its two call sites in src/pki.c and src/wrapper.c.
I am happy to submit a MR for this fix.
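A standalone C model of the proposed fix, added here as an example; it is not the project's code or the issue author's patch. The `demo_` names, the name table and the choice of `-1` for the error value are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for enum ssh_digest_e. The value -1 for the
 * error member is an assumption; the issue does not specify one. */
enum demo_digest_e {
    DEMO_DIGEST_UNKNOWN = -1, /* lookup failed: NULL or unrecognized name */
    DEMO_DIGEST_AUTO = 0,     /* valid result: algorithm implies its hash */
    DEMO_DIGEST_SHA256,
    DEMO_DIGEST_SHA512
};

/* Constructed name table, for illustration only. */
static const struct {
    const char *name;
    enum demo_digest_e digest;
} demo_table[] = {
    { "rsa-sha2-256", DEMO_DIGEST_SHA256 },
    { "rsa-sha2-512", DEMO_DIGEST_SHA512 },
    { "ssh-ed25519",  DEMO_DIGEST_AUTO   },
};

/* Lookup that fails closed instead of defaulting to AUTO. */
enum demo_digest_e demo_hash_from_name(const char *name)
{
    size_t i;
    if (name == NULL) {
        return DEMO_DIGEST_UNKNOWN;
    }
    for (i = 0; i < sizeof(demo_table) / sizeof(demo_table[0]); i++) {
        if (strcmp(name, demo_table[i].name) == 0) {
            return demo_table[i].digest;
        }
    }
    return DEMO_DIGEST_UNKNOWN;
}

/* Caller side: reject the sentinel before the digest is used.
 * Returns 0 and stores the digest on success, -1 on invalid input. */
int demo_select_digest(const char *name, enum demo_digest_e *out)
{
    enum demo_digest_e d = demo_hash_from_name(name);
    if (out == NULL || d == DEMO_DIGEST_UNKNOWN) {
        return -1;
    }
    *out = d;
    return 0;
}
```

With a dedicated error member, a name that legitimately maps to AUTO and a failed lookup no longer share the value 0, so the caller can propagate an error instead of proceeding with a default digest.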