add fact to export users' public keys

Antoine Beaupré requested to merge ssh_keys_users into master

the fact will export a hash made of user => [keys], where [keys] is the array of keys in the user's .ssh directory. all key types but RSA1 are imported without distinction.

the rationale of this (versus the ssh-keygen approach) is that we may not want to generate keys on the puppetmaster, to avoid leaking more information than we need to about the private key material. with this fact, we can generate the keys on the clients with an exec type and then export only the public key to the central server.

while it can be argued that the communication between the agents and master should be considered secure, it does widen the attack surface for no good reason: ssh private keys should generally not be reused and therefore it is not necessary to host them on the central server.

this MR doesn't actually remove the alternative approach and is submitted in the spirit of "tools, not policy". :)
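The shape of fact described above (user => [keys], built only from public key files so private material never leaves the agent), as an added illustration that is not the merge request's own code. It assumes a fact name of `ssh_keys_users`, that only `*.pub` files under each home's `.ssh` are read, and that RSA1 (protocol 1) keys are recognised by their leading bit count rather than an algorithm name; the directory layout in `demo` is constructed for a stand-alone run.

```ruby
require 'etc'
require 'tmpdir'
require 'fileutils'

# Lines of an OpenSSH public key start with an algorithm name; RSA1 keys
# (identity.pub) start with a bit count instead, so this filter drops them.
# Assumed filter, not the MR's own.
PUBKEY_TYPES = /\A(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)\s/

# Public-key lines from one user's ~/.ssh. Only *.pub files are opened, so the
# private halves sitting next to them are never read by the agent.
def user_public_keys(home)
  ssh_dir = File.join(home, '.ssh')
  return [] unless File.directory?(ssh_dir)
  Dir.glob(File.join(ssh_dir, '*.pub')).sort.flat_map do |path|
    File.readlines(path).map(&:strip).select { |line| line =~ PUBKEY_TYPES }
  end
end

# Build the user => [keys] hash for a user => home mapping; users without any
# public key are left out so the fact stays compact.
def collect_public_keys(homes)
  homes.each_with_object({}) do |(user, home), acc|
    keys = user_public_keys(home)
    acc[user] = keys unless keys.empty?
  end
end

# Real accounts come from the passwd database when running under Facter.
def system_homes
  homes = {}
  Etc.passwd { |pw| homes[pw.name] = pw.dir }
  homes
end

# Register the fact only when Facter is loaded (hypothetical fact name).
if defined?(Facter)
  Facter.add(:ssh_keys_users) do
    setcode { collect_public_keys(system_homes) }
  end
end

# Constructed home directories: alice has an ed25519 key pair plus an RSA1
# identity.pub; bob has an empty .ssh. Returns the resulting fact value.
def demo
  Dir.mktmpdir do |root|
    alice = File.join(root, 'alice')
    FileUtils.mkdir_p(File.join(alice, '.ssh'))
    File.write(File.join(alice, '.ssh', 'id_ed25519.pub'),
               "ssh-ed25519 AAAAC3Nza-constructed alice@host\n")
    File.write(File.join(alice, '.ssh', 'id_ed25519'),
               "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n-----END OPENSSH PRIVATE KEY-----\n")
    File.write(File.join(alice, '.ssh', 'identity.pub'), "2048 65537 1234567 alice-rsa1\n")
    bob = File.join(root, 'bob')
    FileUtils.mkdir_p(File.join(bob, '.ssh'))
    collect_public_keys('alice' => alice, 'bob' => bob)
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Run stand-alone it prints `{"alice"=>["ssh-ed25519 AAAAC3Nza-constructed alice@host"]}`: the private key file is never opened, the RSA1 line is filtered, and bob is absent because he has no public key to export.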