* Enforce max number of SSH certificate principals
There is an undocumented limit for the maximum number of valid principals accepted by the openssh tooling, as seen at:
* 2726764269/sshkey.h (L108)
* 25c8a2bbcc/sshkey.c (L1801)
* 6180b0fa4f/ssh-keygen.c (L1833)
This change enforces that same restriction as currently a SSH certificate can be generated that is invalid against the default sshd server. Consideration might be given for any non openssh servers that accept openssh certificates, if they exist and want to allow a greater number of principals.
Of note, the 256 limit is not found in the spec for SSH certificates as defined at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys. It instead seems to be arbitrarily chosen by the project as some limit was needed.
* Address formatting error.
* Comment on valid_prinicpals size limit plus test added.
---------
Co-authored-by: Jake <jake@vaultish.com>
de8deb9e94