Add support for OpenSSH certificates

[Rob-Hague]

Here's how to use it:

When authenticating i.e. when you have a certificate for your key which is signed by a certificate authority that the server trusts:

using (var privateKeyFile = new PrivateKeyFile("path/to/my/key", passPhrase: null, "path/to/my/certificate.pub"))
using (var client = new SshClient("sftp.foo.com", "guest", privateKeyFile))
{
    client.Connect();
}

When validating the host i.e. when expecting the server to present a certificate signed by a trusted certificate authority:

string expectedCAFingerPrint = "tF3DRTUXtYFZ5Yz0SBOrEbixHaCifHmNVK6FtptXZVM";

using (var client = new SshClient("sftp.foo.com", "guest", "pwd"))
{
    client.HostKeyReceived += (sender, e) =>
    {
        e.CanTrust = e.Certificate?.CertificateAuthorityKeyFingerPrint == expectedCAFingerPrint;
    };
    client.Connect();
}

closes #479
closes #963
closes #1196

of existing PRs:
closes #595
closes #682

[Rob-Hague]

In order to make the host validation example work, the certificate algorithms should be listed first (so that the server knows to send its certificate). Doing this comes with a risk in case there is an unknown bug in the new code. I think the test coverage is good enough, but we could list the new algorithms last to avoid this risk.

[drieseng]

Nice work!

It would be great to have unit tests for Certificate and the new (or newly implemented) properties of CertificateHostAlgorithm.

I'm not blocking this PR for this though.

Thanks!

[Rob-Hague]

Thanks! I added some more tests on the public properties. Those for Certificate go through PrivateKeyFile rather than directly through the constructor but that seems reasonable enough

[jeevanbalanmanoj]

Fantastic to see this. Is this available in the main branch? When will it be usable?

[Rob-Hague]

We will make a release "soon", in the meantime, you can try it out from the CI feed https://ci.appveyor.com/nuget/ssh-net e.g. version 2024.2.0-prerelease.1 should have it