OpenSSH 8.2 has deprecated rsa-sha signatures in certificates. If you try to use an SSH Certificate to login to a system upgraded to 8.2 that was previously working, you will get the error "ssh-rsa signature algorithm not supported" reported by SSHD. This can also happen with Host Certificates if the client SSH version is upgraded to 8.2.
Further reading on this here: https://ibug.io/blog/2020/04/ssh-8.2-rsa-ca/
In order to resolve this, a newer SHA256 or SHA512 hash is required. I found a way to request these newer hashes in the x/crypto/ssh/agent code, but it is hidden behind the unexported agentKeyringSigner struct without an exported Interface for the needed SignWithOpts.
There is a way to work around this by declaring a local Interface for SignWithOpts and casting the returned Signer to that Interface. I've implemented this approach here: digitallumens/ssh-cert-authority@70baa54
I don't think there would be an easier or cleaner way of doing this without some changes made to x/crypto/ssh. If this looks reasonable, I can make a pull request.
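The workaround described above, as an added Go example that is neither the issue author's code nor part of x/crypto: Signature, Signer and rsaSigner are stand-ins (assumptions) for ssh.Signature, ssh.Signer and the agent's unexported agentKeyringSigner so that it runs with the standard library alone; the local interface plus type assertion in SignCert is the part that carries over, and Verify shows why a SHA-1 "ssh-rsa" signature is refused by an 8.2 sshd while "rsa-sha2-256" is accepted.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1" // register SHA-1 and SHA-256 so crypto.Hash.New() works
	_ "crypto/sha256"
	"fmt"
	"io"
)

// Signature and Signer are stand-ins (assumption) for ssh.Signature and ssh.Signer; for an RSA key the exported Sign only yields the SHA-1 "ssh-rsa" format that OpenSSH 8.2 rejects on certificates.
type Signature struct{ Format string; Blob []byte }
type Signer interface{ Sign(r io.Reader, data []byte) (*Signature, error) }
var formats = map[crypto.Hash]string{crypto.SHA1: "ssh-rsa", crypto.SHA256: "rsa-sha2-256"}
func digest(h crypto.Hash, data []byte) []byte { d := h.New(); d.Write(data); return d.Sum(nil) }
type rsaSigner struct{ key *rsa.PrivateKey } // plays the role of the agent's unexported agentKeyringSigner
func (s *rsaSigner) Sign(r io.Reader, data []byte) (*Signature, error) { return s.SignWithOpts(r, data, crypto.SHA1) }
// SignWithOpts picks the signature format from opts.HashFunc(), the same choice the agent code makes.
func (s *rsaSigner) SignWithOpts(r io.Reader, data []byte, opts crypto.SignerOpts) (*Signature, error) {
	format, ok := formats[opts.HashFunc()]
	if !ok {
		return nil, fmt.Errorf("unsupported hash %v", opts.HashFunc())
	}
	blob, err := rsa.SignPKCS1v15(r, s.key, opts.HashFunc(), digest(opts.HashFunc(), data))
	if err != nil {
		return nil, err
	}
	return &Signature{Format: format, Blob: blob}, nil
}
// signWithOptsSigner is the workaround's local interface: asserting a Signer to it reaches SignWithOpts even though the agent's concrete type is unexported.
type signWithOptsSigner interface {
	SignWithOpts(r io.Reader, data []byte, opts crypto.SignerOpts) (*Signature, error)
}
// SignCert requests SHA-256 when the signer exposes SignWithOpts and falls back to Sign otherwise.
func SignCert(s Signer, tbs []byte) (*Signature, error) {
	if sw, ok := s.(signWithOptsSigner); ok {
		return sw.SignWithOpts(rand.Reader, tbs, crypto.SHA256)
	}
	return s.Sign(rand.Reader, tbs)
}
// Verify mimics an OpenSSH 8.2 sshd: "ssh-rsa" is refused outright, rsa-sha2-256 is checked.
func Verify(pub *rsa.PublicKey, tbs []byte, sig *Signature) error {
	if sig.Format != "rsa-sha2-256" {
		return fmt.Errorf("%s signature algorithm not supported", sig.Format)
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(crypto.SHA256, tbs), sig.Blob)
}
```

Against the real package the same assertion is written as `s.(interface{ SignWithOpts(io.Reader, []byte, crypto.SignerOpts) (*ssh.Signature, error) })` on the Signer returned by the agent keyring.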