ssh: Allow forwardAgent to be set to null #6046

Open: tebriel wants to merge 1 commit into base: master

@tebriel tebriel commented Nov 6, 2024

Description

Allow setting the `forwardAgent` to `null` to prevent it from being set in `Host *`.

In situations where you use `CanonicalizeHostname` and `CanonicalDomains` the ssh config is parsed twice. The first time a value is set typically means it's the final value. This means that if `programs.ssh.forwardAgent` is set to `false` you cannot have `ForwardAgent = yes` apply to a canonical match (`Match canonical *.my.tld`) as `Host *` will be parsed first.

If we consider the config where `programs.ssh.forwardAgent = false;`:

```
CanonicalizeHostname yes
CanonicalDomains my.tld
CanonicalizeMaxDots 1

Match canonical Host *.my.tld
  ForwardAgent yes

Host *
  ForwardAgent no
```

`ssh myhost` will first pass through `Host *` and set `ForwardAgent no`, canonicalize the name to `myhost.my.tld`, then match `Match canonical *.my.tld` and try to set `ForwardAgent` to `yes` but since it's already `no` it will be ignored.

The same is a problem in reverse if `programs.ssh.forwardAgent = true;` and the canonical match is `ForwardAgent no`.

The default for `forwardAgent` is already `false` so there's not a need to always explicitly set it, we allow `forwardAgent = null` in match blocks, we can set it to `null` in the root as well.

Note

This does add a blank line if `forwardAgent` is set to `null` in the `Host *` block. Maybe not ideal, can probably fix it if it's really a problem.

Checklist

  • Change is backwards compatible.

  • Code formatted with ./format.

  • Code tested through nix-shell --pure tests -A run.all or nix develop --ignore-environment .#all using Flakes.

  • Test cases updated/added. See example.

  • Commit messages are formatted like

    {component}: {description}
    
    {long description}
    

    See CONTRIBUTING for more information and recent commit messages for examples.

  • If this PR adds a new module

    • Added myself as module maintainer. See example.

Maintainer CC

Allow the option to not explicitly set `ForwardAgent` in the `Host *`
block for instances where `CanonicalizeHostname` is enabled and the file
is parsed twice.
@tebriel tebriel marked this pull request as ready for review November 6, 2024 01:18
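
The two-pass, first-value-wins behaviour described in this PR, as an added example that is not code from this project or from OpenSSH. The block tuples, `effective_options`, and the caller-supplied canonical name are assumptions of the example; DNS canonicalization and the full `Match` syntax are not modeled.

```python
from fnmatch import fnmatch

# Each block is (kind, host pattern, settings), in file order.
# Constructed sample configs mirroring the PR description.
CANONICAL = ("match-canonical", "*.my.tld", {"ForwardAgent": "yes"})
WITH_FALSE = [CANONICAL, ("host", "*", {"ForwardAgent": "no"})]  # forwardAgent = false
WITH_NULL = [CANONICAL, ("host", "*", {})]  # forwardAgent = null: directive omitted


def effective_options(blocks, host, canonical_host):
    """Simplified model of ssh_config evaluation with CanonicalizeHostname.

    The file is read once with the name as typed and again with the
    canonical name. For each option the first value obtained is kept.
    `canonical_host` is supplied by the caller (assumption: the lookup
    under CanonicalDomains already happened).
    """
    opts = {}
    for final_pass, name in ((False, host), (True, canonical_host)):
        for kind, pattern, settings in blocks:
            if kind == "match-canonical" and not final_pass:
                continue  # 'Match canonical' only applies on the re-parse
            if fnmatch(name, pattern):
                for key, value in settings.items():
                    opts.setdefault(key, value)  # later values are ignored
    opts.setdefault("ForwardAgent", "no")  # built-in default when never set
    return opts


def forwarding_enabled(blocks, host, canonical_host):
    """True if the agent would be forwarded to this destination."""
    return effective_options(blocks, host, canonical_host)["ForwardAgent"] == "yes"


if __name__ == "__main__":
    cases = [("myhost", "myhost.my.tld"), ("other.example.org", "other.example.org")]
    for label, blocks in (("false", WITH_FALSE), ("null", WITH_NULL)):
        for host, canonical in cases:
            state = forwarding_enabled(blocks, host, canonical)
            print(f"forwardAgent={label:5} ssh {host:18} -> forwarding={state}")
```

With the directive omitted from `Host *`, forwarding is enabled only for names that canonicalize into `my.tld`; every other destination falls back to the default of `no`.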