Rework pubkey_options struct

[mkj]

Pubkey info is now included in the restriction struct. A temporary pubkey_options is filled then set in the global session after auth.

[mkj]

This PR fixed a security issue

• Security: server: Fix ability to bypass an authorized_keys "forced_command"
  option by an authenticated user, if Dropbear is running with "-t" option.
  ("-t" is require both password and public key).

After the initial pubkey auth succeeds (with forced_command key), a subsequent failed pubkey attempt could clear the forced command option. That's only applicable with "-t" where it accepts the subsequent attempts.

The commit here is a large rework (and IMO improves the code), but a simpler mitigation for the fix would be to not clear the options.

dropbear/src/svr-authpubkey.c

Lines 271 to 274 in f5d4440

	/* Retain pubkey options only if auth succeeded */
	if (!ses.authstate.authdone) {
	svr_pubkey_options_cleanup();
	}

becomes

    /* Retain pubkey options if auth succeeded or pubkey partial success (multi-auth).
    * In multi-auth mode, pubkey success clears AUTH_TYPE_PUBKEY from authtypes.
    * If that flag is cleared, pubkey auth succeeded and options should persist. */
    if (!ses.authstate.authdone
       && (ses.authstate.authtypes & AUTH_TYPE_PUBKEY)) {
       svr_pubkey_options_cleanup();
    }

Note that I haven't tested that thoroughly.