This repository has been archived by the owner on Apr 19, 2024. It is now read-only.

Pageant support for key confirmation #55

Closed
MacGyverNL opened this issue Oct 14, 2012 · 1 comment

Comments

@MacGyverNL

Like OpenSSH's ssh-add -c option:

"Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by the SSH_ASKPASS program mentioned below. Successful confirmation is signaled by a zero exit status from the SSH_ASKPASS program, rather than text entered into the requester."

Basically, whenever a process requests authentication from pageant for an identity marked as "confirm", it should prompt the user to allow / deny the authentication before proceeding. This is mostly relevant in a setting where agent forwarding is being used, since anyone on the remote machine with access to the agent socket can potentially access unlocked identities. Enabling confirmation prompts mitigates this risk significantly, since the user can deny any unexpected requests (and will be alerted to suspicious activity at the same time).

Note that the user does not have to enter his passphrase if the identity is still unlocked; he simply has to confirm that the authentication is allowed to take place.

This is, in my opinion, an important feature to have in an agent program, the absence of which is limiting my use of pageant significantly (i.e. I'm removing keys from pageant all the time, only adding them right before I need them and removing them immediately after).
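Added example (not part of the original comment, and not Pageant or OpenSSH code): a minimal model of the per-identity confirmation gate requested above, applied to an SSH agent sign request. The identity table, the `confirm` callback (standing in for an SSH_ASKPASS-style prompt where exit status 0 means approval), the placeholder signer and the sample request are all assumptions constructed for illustration; the request's trailing flags field is ignored.

```python
import hashlib
import struct

# Message numbers from the SSH agent protocol.
SSH_AGENT_FAILURE = 5
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14

def ssh_string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH string at off; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def placeholder_sign(key_blob, data):
    # Stand-in for the private-key operation (NOT a real signature scheme).
    return hashlib.sha256(key_blob + data).digest()

def make_request(key_blob, data):
    # Constructed sample request: type, key blob, data to sign, flags = 0.
    return (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", 0))

def handle_sign_request(payload, identities, confirm, sign):
    """identities: key blob -> {"confirm": bool} (hypothetical table).
    confirm(key_blob) -> exit status, 0 = user approved.
    sign(key_blob, data) -> signature bytes."""
    failure = bytes([SSH_AGENT_FAILURE])
    try:
        if not payload or payload[0] != SSH_AGENTC_SIGN_REQUEST:
            return failure
        key_blob, off = read_string(payload, 1)
        data, off = read_string(payload, off)
    except ValueError:
        return failure  # malformed request: fail closed
    ident = identities.get(key_blob)
    if ident is None:
        return failure  # unknown key
    # The gate: a "confirm" identity is used only after explicit approval.
    if ident["confirm"] and confirm(key_blob) != 0:
        return failure  # denied, or the prompt itself failed
    return bytes([SSH_AGENT_SIGN_RESPONSE]) + ssh_string(sign(key_blob, data))
```

Any non-zero result from the prompt, including a prompt that crashes or cannot be displayed, is treated as a denial, so a forwarded agent socket cannot use a "confirm" identity silently.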

@FauxFaux
Owner

There's a dumb, global (but secure) version of this in p0.63-t017. I would like it to be better. This will probably require pageant protocol additions. Would anyone like to raise a ticket with a proposal?
