feat(orchestrator): CON-1609 Provision SSH recovery access key from registry
There is a new field in the NodeRecord holding a vector of SSH public keys. This PR extends the orchestrator to deploy those keys for the recovery user by calling the /opt/ic/bin/provision-ssh-keys.sh script, as is already done for readonly and backup keys.
Since the recovery user does not exist yet (and thus neither does its HOMEDIR), we are seeing weird errors in logs :/ Is there a plan to add that user soon? Maybe it would be best to merge this PR after that?
Good catch, I think it should be fine to wait until the new user exists. cc @r-birkner
Also, do you know what this user's permissions will be? Just the necessary r+w to /var/lib/ic/data/ic_state? More relaxed ones like r+w on the whole /var/lib/ic/data?
That's a good question, I assumed it would be the same as the admin user, perhaps excluding access to secret keys? cc @r-birkner