Enable redirection guard during service setup

[tgauth]

PR Summary

• update MSI and install script to create RedirectionGuard reg keys, if they do not already exist, for ssh-agent and sshd services
• should have no impact on typical usage of either service

PR Context

• https://www.microsoft.com/en-us/msrc/blog/2025/06/redirectionguard-mitigating-unsafe-junction-traversal-in-windows/

[tgauth]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[Copilot]

Pull Request Overview

This PR enables RedirectionGuard mitigation for both sshd.exe and ssh-agent.exe services by creating registry keys during installation. This security enhancement addresses unsafe junction traversal vulnerabilities in Windows as detailed in the Microsoft MSRC blog post from June 2025.

• Registry keys are created under Image File Execution Options for both sshd.exe and ssh-agent.exe with MitigationOptions values
• Both the PowerShell installer script and WiX MSI installer are updated to create these registry entries
• Registry entries are marked as permanent (persisting through uninstall) and only created if they don't already exist

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
contrib/win32/openssh/install-sshd.ps1	Adds registry key creation logic for RedirectionGuard mitigation for both sshd.exe and ssh-agent.exe
contrib/win32/install/shared.wxs	Adds MSI component to create ssh-agent.exe RedirectionGuard registry key
contrib/win32/install/server.wxs	Adds MSI component to create sshd.exe RedirectionGuard registry key

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}