proposal: x/crypto/ssh: add SequentialsAuthMethods

[drakkan]

Proposal Details

I propose adding this new auth method

// SequentialAuthMethods is a wrapper for multiple authentication methods. It
// attempts each method in sequence, stopping immediately on the first failure.
// If all methods succeed, the result of the last one is returned. This is
// useful for enforcing multi-step authentication sequences where all steps must
// succeed. Note that a partial success is not treated as a failure, even if
// returned by the final method but only the final method is allowed to return a
// successfull authentication. If a method other than the last one succeeds, the
// connection will be closed, and no further authentication methods combined
// with this one will be attempted.
func SequentialsAuthMethods(auths []AuthMethod) AuthMethod

Currently, multiple authentication methods can be defined, and multi-step authentication is supported. However, there is no built-in way to enforce that all specified methods are executed. For example, if both public key and password methods are configured, authentication may succeed either because the public key method returned partial success and the password method completed successfully, or simply because the password method succeeded after the public key method failed.
SequentialAuthMethods enforces that all configured methods are executed in order, and authentication only succeeds if each step completes successfully.