Use RawStdEncoding to compute the base64 fingerprint as part of SSH
session IDs. This is mostly just so that we can use the go
`ssh.FingerprintSHA256` function in tests (which uses RawStdEncoding) to
assert on session ID strings
Add an additional method to the ssh.Evaluator interface for invalidating
cached databroker records. Invalidating the global cache is not
sufficient, because there may be sync queriers as well.
Make sure to invalidate the User record (in addition to the Session
record) during the login flow.
Re-evaluate ssh authorization decision on a fixed interval, or whenever
the config changes. If access is no longer allowed, log a new 'authorize
check' message and disconnect.
Refactor the ssh.StreamManager initialization so that its lifecycle
matches the Authorize lifecycle.
Implement the pkg/ssh.AuthInterface. Add logic for converting from the
ssh stream state to an evaluator request, and for interpreting the
results of policy evaluation. Refactor some of the existing authorize
logic to make it easier to reuse.
