[RFE] update-ssh-keys: Add ecdsa-sk and ed25519-sk (U2F/FIDO security key) support

[norve]

When I try to add an ecdsa-sk or ed25519-sk key generated using my hardware U2F/FIDO security key to ~/.ssh/authorized_keys.d/, and run the update-ssh-keys command, I get the following message:
$ update-ssh-keys
warning: failed to parse public key "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1l...AAAABHNzaDo= yubikey": unsupported keytype: sk-ssh-ed25519@openssh.com, omitting from authorized_keys
warning: failed to parse public key "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNr...AAAAEc3NoOg== titan": unsupported keytype: sk-ecdsa-sha2-nistp256@openssh.com, omitting from authorized_keys

When I manually add the public key to the ~/.ssh/authorized_keys file, the authentication works fine, but of course this does not persist between reboots. Security key-based authentication has been supported in OpenSSH since version 8.2p1. It would be nice if there was support for this in the update-ssh-key tool, since the current stable version of Flatcar Linux runs OpenSSH 8.7p1.

[norve]

@jepio Identified that the list of supported key types that update-ssh-keys references is provided here: https://github.com/coreos/openssh-keys/blob/main/src/lib.rs#L79-L87

ssh-ed25519 and ecdsa-sha2-nistp256 are listed as supported keys, but the formats are different from sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com.

[pothos]

Found a gitlab MR that also added support for the same format: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78934/diffs
At first it's a bit confusing that -sk suffix of the format name becomes a prefix in the format with @.

[pothos]

Here's how far I came: coreos/openssh-keys#68

[pothos]

Prepared a PR to use the patched library from update-ssh-keys: flatcar/update-ssh-keys#7

[pothos]

Found a way to use it from coreos-overlay without waiting for a crates.io release: flatcar-archive/coreos-overlay#2289