
Draft: Add client-side FIDO2/U2F support

Add a description of the new feature/bug fix. Reference any relevant bugs.

Checklist

  • Commits have Signed-off-by: with name/author being identical to the commit author
  • Code modified for feature
  • Test suite updated with functionality tests
  • Test suite updated with negative tests
  • Documentation updated
  • The project pipeline timeout is extended to at least 2 hours.

Reviewer's checklist:

  • Any issues marked for closing are addressed
  • There is a test suite reasonably covering new functionality or modifications
  • Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
  • This feature/change has adequate documentation added
  • No obvious mistakes in the code

Summary by Sourcery

Add FIDO/U2F security key support to libssh by introducing a pluggable SK API, integrating a libfido2 USB HID backend, extending PKI routines for SK key types, and adding build configuration and tests.

New Features:

  • Expose a security key API (sk_api.h) with callbacks for enrollment, signing, and resident key discovery.
  • Implement a default USB HID backend (sk_usbhid.c) using libfido2 for FIDO/U2F operations.
  • Add a pki_sk module to bridge security key callbacks with libssh PKI enrollment and signing workflows.

Enhancements:

  • Extend existing PKI code to serialize, compare, and manage SK ECDSA and SK Ed25519 key types.
  • Introduce sk_common for secure cleanup of SK responses and parsing of operation options.
  • Integrate session-level support for setting and retrieving SK callbacks in ssh_session.

Build:

  • Add CMake Findlibfido2 support and a WITH_FIDO option to conditionally include SK sources and headers.
  • Update build scripts to link against libfido2 when FIDO support is enabled.

CI:

  • Enable FIDO support and extend pipeline timeout in .gitlab-ci.yml.

Tests:

  • Add cmocka torture tests for SK HID enrollment, signing, and resident key loading in torture_sk_usbhid.c.
  • Add unit tests for PKI SK integration in torture_pki_sk.c.
Edited by sourcery-ai
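The SK key and signature encodings the PKI side of such a change has to serialize, compare and verify are fixed by OpenSSH's PROTOCOL.u2f, and they differ from plain keys in two security-relevant ways: the public key carries the application (relying-party) string, and the signature carries a flags byte and a counter that the verifier must fold into the signed data together with SHA256(message). The following is an added example, not code from this merge request, from libssh or from Sourcery, covering the sk-ssh-ed25519@openssh.com type only (sk-ecdsa-sha2-nistp256@openssh.com differs in the key-material fields and is omitted). The function names, the `verify_raw` callback, the `require_uv` option and the counter policy are this example's own choices, and the key and signature bytes used in the usage notes are constructed, not real authenticator output.

```python
# Added example (not libssh or merge-request code): OpenSSH PROTOCOL.u2f
# wire formats and verification steps for the sk-ssh-ed25519 key type.
import hashlib
import struct
from typing import Callable, Optional, Tuple

SK_ED25519 = b"sk-ssh-ed25519@openssh.com"
FLAG_USER_PRESENCE = 0x01  # authenticator saw a touch
FLAG_USER_VERIFIED = 0x04  # authenticator also checked PIN/biometric


def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


class Reader:
    """Cursor over an SSH wire blob; every read is bounds-checked."""
    def __init__(self, data: bytes) -> None:
        self.data, self.pos = data, 0

    def _take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated blob")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def byte(self) -> int:
        return self._take(1)[0]

    def string(self) -> bytes:
        return self._take(self.uint32())

    def finish(self) -> None:
        if self.pos != len(self.data):
            raise ValueError("trailing bytes after structure")


def encode_sk_ed25519_pubkey(pk: bytes, application: bytes) -> bytes:
    """Public key blob (its base64 is the authorized_keys entry):
    string type, string 32-byte Ed25519 key, string application (RP ID)."""
    if len(pk) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    return ssh_string(SK_ED25519) + ssh_string(pk) + ssh_string(application)


def decode_sk_ed25519_pubkey(blob: bytes) -> Tuple[bytes, bytes]:
    r = Reader(blob)
    if r.string() != SK_ED25519:
        raise ValueError("not an sk-ssh-ed25519 key")
    pk, application = r.string(), r.string()
    r.finish()
    if len(pk) != 32:
        raise ValueError("bad Ed25519 key length")
    return pk, application


def encode_sk_signature(sig: bytes, flags: int, counter: int) -> bytes:
    """Signature blob: string type, string raw signature, byte flags, uint32 counter."""
    return (ssh_string(SK_ED25519) + ssh_string(sig)
            + bytes([flags]) + struct.pack(">I", counter))


def decode_sk_signature(blob: bytes) -> Tuple[bytes, int, int]:
    r = Reader(blob)
    if r.string() != SK_ED25519:
        raise ValueError("signature type mismatch")
    sig, flags, counter = r.string(), r.byte(), r.uint32()
    r.finish()
    if len(sig) != 64:
        raise ValueError("bad Ed25519 signature length")
    return sig, flags, counter


def sk_signed_data(application: bytes, flags: int, counter: int, message: bytes) -> bytes:
    """The bytes the authenticator really signed: SHA256(application) || flags ||
    counter || SHA256(message). The SSH message itself never reaches the curve
    operation, so a verifier has to rebuild this exactly."""
    return (hashlib.sha256(application).digest() + bytes([flags])
            + struct.pack(">I", counter) + hashlib.sha256(message).digest())


def verify_sk_ed25519(pubkey_blob: bytes, sig_blob: bytes, message: bytes,
                      verify_raw: Callable[[bytes, bytes, bytes], bool],
                      last_counter: Optional[int] = None,
                      require_uv: bool = False) -> int:
    """Check an SK signature over message. verify_raw(pk, sig, data) is any plain
    Ed25519 verifier returning bool. Returns the counter the caller should store."""
    pk, application = decode_sk_ed25519_pubkey(pubkey_blob)
    sig, flags, counter = decode_sk_signature(sig_blob)
    # Policy checks first; they are cheap and independent of the curve math.
    if not flags & FLAG_USER_PRESENCE:
        raise ValueError("user presence flag not set")
    if require_uv and not flags & FLAG_USER_VERIFIED:
        raise ValueError("user verification required but not performed")
    # WebAuthn-style clone detection (assumption: the caller persists the counter;
    # a counter that is 0 on both sides means the device reports none).
    if last_counter is not None and (counter or last_counter) and counter <= last_counter:
        raise ValueError(f"counter {counter} did not advance past {last_counter}")
    if not verify_raw(pk, sig, sk_signed_data(application, flags, counter, message)):
        raise ValueError("bad signature")
    return counter


def cryptography_ed25519_verify(pk: bytes, sig: bytes, data: bytes) -> bool:
    """verify_raw adapter for the `cryptography` package, imported only when used."""
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
    try:
        Ed25519PublicKey.from_public_bytes(pk).verify(sig, data)
        return True
    except InvalidSignature:
        return False
```

To check a real key, base64-decode the second field of an `ssh-keygen -t ed25519-sk` public key line, pass it with the signature blob and the signed message to `verify_sk_ed25519(..., cryptography_ed25519_verify)`, and persist the returned counter per key. Two details are easy to get wrong when extending a PKI layer for SK types: the application string is part of the public key identity, so two blobs with the same Ed25519 point but different applications are different keys and must compare unequal; and the flags and counter must be taken from the signature blob, not from any side channel, because they are covered by the authenticator's signature and are the only evidence that a touch (or PIN) actually happened.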
