Releases: GoogleCloudPlatform/guest-oslogin

20230926.00

26 Sep 19:24
0f8fc45

build: fix suse build (#119)

Given the current headers included and suse 12's headers current state
we'll end up not having stdio.h and stdlib.h in cases we expect them
to be available so we need to explicitly include them.

20230925.00

25 Sep 23:46
fcfc082

utils: change FileExists() to use stat() instead of access() (#118)

We observed an inconsistency in the behavior of access() across Linux systems;
to work around that we are changing it to use stat() instead.

20230919.00

19 Sep 00:34
1aebe41

Cert based authentication (#116)

* test: align CXX Flags

* sshca: Make the implementation more C++ like

Introduce an oslogin_sshca namespace, remove the C demangling extern.

* sshca: Add a SysLog wrapper

With this patch now we can have a global sys logger having the logging
points present whether the sys logger has been setup/initialized or not.

For unit tests for example we'll not have it initialized rendering into
no-op calls to SysLogErr().

* oslogin_utils: introduce AuthorizeUser() API

The AuthorizeUser() API merges together the authorization operations
for both login and adminLogin authorize policies. This API is meant
to be used in single points of Authorization - where both login &
adminLogin are attempted/processed.

* sshca: move it out of pam dir

As we are moving authorization out of pam modules it makes sense to
have oslogin_sshca.o in the root dir of src side-by-side with
oslogin_utils.o.

* pam: start disabling the use of oslogin_sshca

Start disabling the use of oslogin_sshca in the pam modules.

* sshca: consider sshca API to assume a cert only

In a model using AuthorizedPrincipalsCommand we can handle an ssh cert
only - not having to split and ignore method and algorithm tokens.

* authorized principals: introduce the new command

* authorize keys: update to use new APIs

Update both authorized_keys and authorized_keys_sk to use new sys logger
facilities as well as AuthorizeUser().

* pam modules: remove pam_*_admin and update pam_*_login

pam_oslogin_admin is not required anymore and pam_oslogin_login is
now only responsible to handle 2fa.

* cache_refresh: should be catching by reference.

20230831.00

31 Aug 20:09
5126d1d

selinux: fix selinux build (#114)

Make sure we build the selinux module when building the package;
additionally we are removing the binary from the repo and starting to
use the binary generated at build time.

20230823.00

23 Aug 01:10
76bf4b4

selinux: add sshd_key_t type enforcement to trusted user ca (#113)

20230822.00

22 Aug 18:29
5964f36

sshca: add tests with fingerprint and multiple extensions (#111)

Test fingerprint parsing with certs containing all default ssh-keygen
extensions + the byoid fingerprint.

20230821.01

21 Aug 21:29
c804349

sshca: support method token and handle multi line (#109)

We didn't account for the fact that the SSH_AUTH_INFO_0 variable format has a
method token and that it can have multiple lines - even though it's unlikely
to happen with oslogin use cases it's healthier to account for that.

The tests were changed to reflect the actual implementation change.

Additionally this patch also changes the internal function's signature
to be prefixed with _.
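
An added example, not code from guest-oslogin: a C++ parser for a multi-line SSH_AUTH_INFO_0 value with a leading method token, the case the commit message above describes. The per-line layout `<method> [<algorithm> <blob>]`, the names ParseAuthInfo and FirstCertBlob, and the sample value are assumptions constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical types and names for illustration; not the oslogin_sshca API.
struct AuthEntry { std::string method, algorithm, blob; };

// Assumed per-line layout: "<method> [<algorithm> <base64 blob>]".
std::vector<AuthEntry> ParseAuthInfo(const std::string& value) {
  std::vector<AuthEntry> entries;
  std::istringstream lines(value);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream tokens(line);
    AuthEntry e;
    if (!(tokens >> e.method)) continue;  // skip blank lines
    tokens >> e.algorithm >> e.blob;      // absent for e.g. "password"
    entries.push_back(e);
  }
  return entries;
}

// Return the blob of the first publickey line carrying an OpenSSH cert type.
bool FirstCertBlob(const std::string& value, std::string* blob) {
  static const std::string kCertSuffix = "-cert-v01@openssh.com";
  for (const AuthEntry& e : ParseAuthInfo(value)) {
    if (e.method != "publickey" || e.blob.empty()) continue;
    const std::string& a = e.algorithm;
    if (a.size() > kCertSuffix.size() &&
        a.compare(a.size() - kCertSuffix.size(), kCertSuffix.size(), kCertSuffix) == 0) {
      *blob = e.blob;
      return true;
    }
  }
  return false;
}

// Constructed sample value (not a real certificate).
const char kSample[] =
    "password\n"
    "publickey ssh-ed25519 AAAAPLAINKEY\n"
    "publickey ssh-ed25519-cert-v01@openssh.com AAAACONSTRUCTEDCERT\n";

int main() {
  std::string blob;
  std::cout << (FirstCertBlob(kSample, &blob) ? blob : "no cert") << "\n";
  return 0;
}
```
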

20230821.00

21 Aug 20:50
6c287e1

Update owners. (#110)

20230808.00

08 Aug 18:56
5131db8

byoid: extract and apply the ca fingerprint to policy call (#106)

Introduce required code to extract the fingerprint content from
openssh cert format. The format documentation can be found here:

https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD

20230531.00

31 May 20:37
4e6c7ea

Improve the URL in 2fa prompt (#104)