support for hardware generated certificates (MFA) using config.cfg

[sandys]

hi, Also want to link to an earlier request that was closed - https://github.com/trailofbits/algo/issues/996

hardware keys like the epass2003 is very popular for ssh - e.g https://sigg-iten.ch/learningbits/2014/11/13/first-steps-with-the-feitian-epass2003-smart-token-in-os-x/

we generate a public/private keypair on the hardware and then copy the public key to the remote server. Is this possible to do with algo - the only change needed is that instead of the script generating ssh keys, it will read a public key from a config file and add them to the deployed server (both when creating new or when update-users). In fact the config.cfg users section can be enhanced to take optional user <-> public key mapping.