@Panaetius Panaetius commented Dec 11, 2025

Adds a new coman exec command that can serve as a docker entrypoint (similar to tini) and executes iroh-ssh in the background with a provided secret.

Adds a new (hidden) coman proxy command that is a thin wrapper around iroh-ssh proxy for proxying ssh connections.

Significantly modifies coman cscs job start command to:

  • searches for a local id_rsa/id_dsa/id_ecdsa public key and uses that, otherwise the key needs to be specified on the command line
  • uploads the key to cscs
  • creates an iroh secret and sets that as an env var on the job
  • downloads a squash file containing the coman executable based on compute architecture
    • uploads the squash to cscs
    • mounts the squash into the container
    • wraps command to run in the container with the injected coman executable
  • starts the job with the cscs ssh hook enabled, using the injected coman with the generated iroh secret
  • creates a .endpoint file in ~/.local/share/coman/ that contains the iroh endpoint id for a job
  • creates an include for ~/.local/share/coman/ssh_config in ~/.ssh/config
  • adds a new host entry <job_name>-<job_id> for the job in ~/.local/share/coman/ssh_config with a ProxyCommand set to coman proxy <job_id>, which proxies the connection.

A user can then simply connect with ssh <job_name>-<job_id>.

TODO (left as an exercise for the reader):

  • add some garbage collection to clean up old SSH connections for jobs that aren't running anymore
  • add some --wait flag to wait for jobs to be up on start (so a user doesn't try to connect when the container isn't running yet)
  • check if the coman squash is already present on CSCS and only upload if the one on GitHub is newer than the one on CSCS (or try to match local version of coman?)

@Panaetius Panaetius requested a review from a team as a code owner December 11, 2025 14:47
@Panaetius Panaetius force-pushed the init-system branch 3 times, most recently from 88decf5 to 779fcca Compare December 19, 2025 15:15
@Panaetius Panaetius changed the title add entrypoint/init-system functionality add ssh support Dec 23, 2025
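
The ssh_config handling described in the PR description above, as an added example that is not coman's own code: it renders the `<job_name>-<job_id>` host entry, rejects job names or ids that could inject extra directives or shell syntax, and keeps the `Include` in the global section of `~/.ssh/config`. The function names and the allowed character set are assumptions; the paths and entry layout come from the description.

```rust
// Added illustration, not coman's code: function names and the allowed
// character set are assumptions; paths and the entry layout follow the PR text.

/// True if `s` cannot inject whitespace, newlines or shell syntax into the config.
fn is_safe_token(s: &str) -> bool {
    !s.is_empty()
        && s.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.'))
}

/// Host entry for one job: alias <job_name>-<job_id>, proxied via `coman proxy <job_id>`.
fn render_host_entry(job_name: &str, job_id: &str) -> Result<String, String> {
    if !is_safe_token(job_name) || !is_safe_token(job_id) {
        return Err(format!("unsafe job name or id: {:?} / {:?}", job_name, job_id));
    }
    Ok(format!(
        "Host {}-{}\n    ProxyCommand coman proxy {}\n",
        job_name, job_id, job_id
    ))
}

/// Ensure `Include <path>` sits in the global section of ~/.ssh/config. An Include
/// placed after a Host or Match line would only apply inside that block.
fn ensure_include(config: &str, include_path: &str) -> String {
    let directive = format!("Include {}", include_path);
    let mut global = config.lines().map(str::trim).take_while(|l| {
        let kw = l.split_whitespace().next().unwrap_or("").to_ascii_lowercase();
        kw != "host" && kw != "match"
    });
    if global.any(|l| l == directive) {
        return config.to_string();
    }
    format!("{}\n\n{}", directive, config)
}

/// Add the job's entry to the managed file unless its alias is already present.
fn upsert_entry(managed: &str, job_name: &str, job_id: &str) -> Result<String, String> {
    let entry = render_host_entry(job_name, job_id)?;
    let header = entry.lines().next().unwrap_or("").to_string();
    if managed.lines().any(|l| l.trim() == header) {
        return Ok(managed.to_string());
    }
    Ok(format!("{}{}", managed, entry))
}

fn main() {
    // Constructed sample input.
    let cfg = ensure_include("Host bastion\n    User alice\n", "~/.local/share/coman/ssh_config");
    print!("{}\n{}", cfg, upsert_entry("", "train", "12345").unwrap());
}
```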