use rsa-sha2-256 by default for RSA SSH signatures

[nklaassen]

Back in #33169 golang.org/x/crypto/ssh was updated, and it switched the default SSH RSA signature algorithm from rsa-sha2-512 to rsa-sha2-256. At the time, we decided to explicitly continue to use rsa-sha2-512 for all RSA SSH signatures.

There is nothing wrong with rsa-sha2-512 and we could continue to use it, but it has us in a weird state with GCP KMS. RSA2048 keys do not support SHA512 in GCP KMS, so currently we use RSA4096 keys on GCP KMS only.

I have previously updated the code on master to use the default signing algorithm (with a SHA256 hash) for all non-RSA keys. This PR updates it so that we will now use rsa-sha2-256 for all RSA keys smaller than 4096 bits, and rsa-sha2-512 for RSA keys that are 4096 bits or larger. I'm also removing the special case we have to generate 4096-bit keys on GCP KMS only. Going forward, all newly generated RSA keys will have 2048 bits.

This is backward compatible with existing RSA4096 RSA keys in GCP KMS, they will continue to use rsa-sha2-512. New and existing RSA2048 keys will now use rsa-sha2-256 which aligns with Go's new defaults. Non-RSA keys will use the only signature algorithm available for their key type, which we'll explicitly pin so that golang.org/x/crypto/ssh can't change it out from under us again if new signature algorithms are added.

Changelog: RSA SSH signatures will use rsa-sha2-256 by default