openssh: Update to 9.9p1

Highlights from the release notes are reproduced below. Bug fixes and
improvements that were previously merged into FreeBSD have been elided.

See the upstream release notes for full details of the 9.9p1 release
(https://www.openssh.com/releasenotes.html).

---

Future deprecation notice

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.

Potentially-incompatible changes

• ssh(1): remove support for pre-authentication compression.
• ssh(1), sshd(8): processing of the arguments to the "Match" configuration directive now follows more shell-like rules for quoted strings, including allowing nested quotes and \-escaped characters.

New features

• ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default.
• ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and FreeBSD.
• All: convert key handling to use the libcrypto EVP_PKEY API, with the exception of DSA.

Bugfixes

• sshd(8): do not apply authorized_keys options when signature verification fails. Prevents more restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733
• ssh-keygen(1): include pathname in some of ssh-keygen's passphrase prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503
• ssh(1), ssh-add(1): make parsing user@host consistently look for the last '@' in the string rather than the first. This makes it possible to more consistently use usernames that contain '@' characters.
• ssh(1), sshd(8): be more strict in parsing key type names. Only allow short names (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725
• ssh-keygen(1): clarify that ed25519 is the default key type generated and clarify that rsa-sha2-512 is the default signature scheme when RSA is in use. GHPR505

---

Reviewed by: jlduran (build infrastructure)
Reviewed by: cy (build infrastructure)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48947

(cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a)

Approved by: re (accelerated MFC)

(cherry picked from commit 802386cd37f638eec9606cb10d3dd03c8f1d6c17)