
feat: re-allow remote SSH access if only key-based login permitted#515

Open
charludo wants to merge 1 commit into ParetoSecurity:main from charludo:allow-keybased-ssh

Conversation

@charludo

  • Add isSSHConfigSecure check which fails if passwordauthentication, permitrootlogin or permitemptypasswords is true. Otherwise, only non-root, key-based login is permitted and the check passes.
  • If an open port 22 is discovered, instead of immediately failing the remote_login check, delegate to isSSHConfigSecure.

Fixes: #467

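As an added illustration of the `isSSHConfigSecure` logic the description outlines (example code written for this page, not the project's implementation; the function names, the sample configurations and the Match-block handling are assumptions), the snippet below parses sshd_config text using OpenSSH's rules (keywords are case-insensitive, `Key Value` and `Key=Value` are both accepted, the first occurrence of a keyword in the global section wins), seeds the three directives with the defaults from sshd_config(5) (PasswordAuthentication yes, PermitRootLogin prohibit-password, PermitEmptyPasswords no), and fails on any of them being `yes`. It goes slightly beyond the description by also failing when a Match block re-enables one of the three for some subset of connections, and by reporting why. A production check should read the effective configuration (for example the output of `sshd -T`, which also resolves Include directives) rather than one file.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// defaults are the OpenSSH defaults from sshd_config(5) for the three
// directives this check examines; the parser overwrites them with the
// first global value found in the file.
var defaults = map[string]string{
	"passwordauthentication": "yes",
	"permitrootlogin":        "prohibit-password",
	"permitemptypasswords":   "no",
}

// parseSSHDConfig returns the effective global value of each tracked
// directive and the list of tracked directives that a Match block sets to
// "yes". '#' starts a comment; keywords are case-insensitive; first wins.
func parseSSHDConfig(cfg string) (global map[string]string, matchYes []string) {
	global = map[string]string{}
	for k, v := range defaults {
		global[k] = v
	}
	seen := map[string]bool{}
	inMatch := false
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i]
		}
		// sshd_config allows "Key=Value" as well as "Key Value".
		fields := strings.Fields(strings.Replace(line, "=", " ", 1))
		if len(fields) < 2 {
			continue
		}
		key, val := strings.ToLower(fields[0]), strings.ToLower(fields[1])
		if key == "match" {
			inMatch = true // everything below applies only conditionally
			continue
		}
		if _, tracked := defaults[key]; !tracked {
			continue
		}
		switch {
		case inMatch && val == "yes":
			matchYes = append(matchYes, key)
		case !inMatch && !seen[key]:
			seen[key] = true
			global[key] = val
		}
	}
	return global, matchYes
}

// isSSHConfigSecure fails if password authentication, root login or empty
// passwords are enabled globally (an unset PasswordAuthentication counts as
// enabled) or re-enabled inside any Match block; reasons say what to fix.
func isSSHConfigSecure(cfg string) (bool, []string) {
	global, matchYes := parseSSHDConfig(cfg)
	var reasons []string
	for _, k := range []string{"passwordauthentication", "permitrootlogin", "permitemptypasswords"} {
		if global[k] == "yes" {
			reasons = append(reasons, k+" is yes")
		}
	}
	for _, k := range matchYes {
		reasons = append(reasons, k+" is re-enabled inside a Match block")
	}
	return len(reasons) == 0, reasons
}

// remoteLoginCheck mirrors the delegation the description proposes: an open
// port 22 passes only when the sshd configuration is secure.
func remoteLoginCheck(sshPortOpen bool, cfg string) bool {
	if !sshPortOpen {
		return true
	}
	ok, _ := isSSHConfigSecure(cfg)
	return ok
}

// Constructed sample configurations for this example (not from a real host).
const hardenedConfig = "Port 22\nPasswordAuthentication no\nPermitRootLogin no\nPermitEmptyPasswords no\n"

const weakConfig = "PasswordAuthentication no\nPermitRootLogin = yes   # root with a password\nMatch User backup\n    PasswordAuthentication yes\n"

func main() {
	samples := []struct{ name, cfg string }{{"hardened", hardenedConfig}, {"weak", weakConfig}, {"defaults-only", ""}}
	for _, s := range samples {
		ok, reasons := isSSHConfigSecure(s.cfg)
		fmt.Printf("%-14s secure=%-5v %v\n", s.name, ok, reasons)
	}
}
```

Two points worth keeping in mind when adapting this: an empty or default sshd_config already fails, because PasswordAuthentication defaults to yes, and `PermitRootLogin prohibit-password` (the default) still permits root to log in with a key, so the example, like the description, only rejects an explicit `PermitRootLogin yes`.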
dmurko requested review from dz0ny and zupo on March 19, 2026 13:57
@zupo (Member)

zupo commented Mar 19, 2026

Generally looks good to me.

@dz0ny (Member)

dz0ny commented Mar 20, 2026

CIS disallows SSH on desktops, but it is allowed on a per-requirement basis. A mitigation like this would have to be mentioned during an audit. SOC requires logging and reporting, so it is even more strict.

CIS Control 4 — Secure Configuration

∙	SSH should be disabled by default on desktops/workstations

CC6 — Logical and Physical Access Controls

∙	Remote access must be authorized, monitored, and logged
∙	Unnecessary open ports/services violate least privilege principles
∙	SSH on desktops could be flagged as a control weakness in an audit.

The above would have to be an additional check; essentially we need to be on par with what the frameworks recommend for desktop users regarding remote access.

@dz0ny (Member)

dz0ny commented Mar 20, 2026

Do you need a specific check for your use case during the audit?


Development

Successfully merging this pull request may close the linked issue: Bring back SSH server checks
