Add support for ssh host keys (known hosts) for git sources

[cpuguy83]

In llb.Git you can pass in host keys as an option for SSH backed git urls. When a host key is not provided buildkit uses TOFU (trust on first use), where the client (in dalec's case the frontend) does a keyscan* (this happens when calling llb.Git) to get the host key and passes that down as part of the LLB to the solver.

By adding support for known hosts in the spec we can:

1. Improve overall security by declaring what host keys we are expecting to connect to (and fail if keys do not match)
2. Prevent an extra remote connection (when known hosts are specified)

One more thing we could do is allow the known hosts to be passed in as a build arg where the client invocation can be something like docker build --build-arg KNOWN_HOSTS="$(cat ~/.ssh/known_hosts)" ...

Downside of this is sometimes host keys change (though it should be rare) and specs can become invalid.

---

• keyscan makes an ssh connection to the remote host and grabs the host key to add to the known hosts list