Move opkssh key files to a separate location

[net42-jkeil]

This PR changes how the key files opkssh creates on the client are stored.

Addressed problems:
It prevents problems in case the predefined allowed identity files (id_ecdsa / id_ed25519) are already in use. (#69)
If a user has to log into multiple systems handled by different providers the user has to run opkssh login and ssh in that order for each system because repeated calls of opkssh login will override the PK of the previous provider.

Changes:

• Identity files opkssh creates are named unique per provider and clientID
• Additionally they get created in ~/.ssh/opkssh/ to reduce clutter and make cleaning up easier
• Identity management happens in ~/.ssh/opkssh/config

Notable:
Identities that do not follow the standard naming convention or are not placed in the default location ~/.ssh/ are usually ignored. To fix this the Include ~/.ssh/opkssh/config directive has to be added to the users ssh config.
This is to prevent possible corruption when regularly modifying the users ssh config.

The README has been modified to reflect this change. Additionally the command opkssh config has been added which checks for correct configuration and instructs the user how to modify their config if needed.

With the upcoming PR #96 most users will not encounter those problems, but on systems without the ssh-agent this remains a problem.

[MrCriseas]

I know, we are from the same organisation but would be nice. Not everyone is using ssh-agent and the package would be directly useable without setting up the agent. Nevertheless to potentially overwrite an ssh certificate and check is it used beforehand by opk seems unlikely not an optimal solution.

We have the usecase to use multiple providers and that solution could address our needs massively and support this repository :).

[EthanHeilman]

Want to talk about this at this months community meeting?

OpenPubkey Community Meeting 2:00 PM (ET) 6:00pm (GMT)
Wednesday, April 16 · 2:00 – 3:00pm
Time zone: America/New_York
Google Meet joining info
Video call link: https://meet.google.com/hvc-dywm-wzk

[net42-jkeil]

As mentioned in the community meeting this PR will be on hold until client configuration is implemented.
This PR might need a complete rewrite at that point to cleanly integrate with the new configuration method.

[EthanHeilman]

Merged the client config.

We don't automatically create the client config you have to run opkssh login --create-config. That said, if the usability of this PR requires that we automatically create the client config. I am good with making that change.
#143