Suggest `no-pty` restriction to authorized SSH keys for improved security

[arsalanses]

It would be beneficial to automatically prefix each SSH public key with restrictive option like no-pty.

Update the entrypoint or key generation logic to wrap each key in AUTHORIZED_KEYS with secure defaults, for example:

no-pty ssh-ed25519 AAA... user-a