ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature

This makes tsnet apps not depend on x/crypto/ssh and locks that in with a test.

It also paves the wave for tsnet apps to opt-in to SSH support via a
blank feature import in the future.

Updates #12614

Change-Id: Ica85628f89c8f015413b074f5001b82b27c953a9
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

feature/hooks.go

@@ -67,6 +67,11 @@ func TPMAvailable() bool {
 	return false
 }
 
+// HookGetSSHHostKeyPublicStrings is a hook for the ssh/hostkeys package to
+// provide SSH host key public strings to ipn/ipnlocal without ipnlocal needing
+// to import golang.org/x/crypto/ssh.
+var HookGetSSHHostKeyPublicStrings Hook[func(varRoot string, logf logger.Logf) ([]string, error)]
+
 // HookHardwareAttestationAvailable is a hook that reports whether hardware
 // attestation is supported and available.
 var HookHardwareAttestationAvailable Hook[func() bool]

feature/ssh/ssh.go

@@ -0,0 +1,11 @@
+// Copyright (c) Tailscale Inc & contributors
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build ((linux && !android) || (darwin && !ios) || freebsd || openbsd || plan9) && !ts_omit_ssh
+
+// Package ssh registers the Tailscale SSH feature, including host key
+// management and the SSH server.
+package ssh
+
+// Register implementations of various SSH hooks.
+import _ "tailscale.com/ssh/tailssh"