x/crypto/ssh/knownhosts: failure to enforce `@revoked` status

[thatnealpatel]

Previously, a revoked SignatureKey belonging to a CA
was not correctly checked for revocation. Now, both the
key and key.SignatureKey are checked for @Revoked.

This is CVE-2026-42508 and Go issue https://go.dev/issue/79568.

---

This was a PUBLIC track issue, tracked in http://b/502121237.

[gopherbot]

Change https://go.dev/cl/781220 mentions this issue: ssh/knownhosts: respect @revoked CA keys