Add SSH client hardening guide

[jlduran]

• [x] Split the guides into Server and Client guides
• [x] Split client instructions based upon the version used by FreeBSD:
  • [x] OpenSSH 7.9: FreeBSD 12.2 and 13.0
  • [x] OpenSSH 8.7: FreBSD 14.0
• [x] Use the latest client configuration from sshaudit.com as a template
• [x] Leave our current server configuration unchanged

Close #2

[koobs]

Can you include/list the main changes of the changeset/PR in the PR description, so I can grok the diff and rationale:

• Add client hardening
• Split server|client hardening into version specific ...
• Remove|move backup instructions because ..

[jlduran]

Done! You can see the proposed outcome here.

[koobs]

LGTM with my minor copy edit suggestions

Should Add sk-ssh-ed25519@openssh.com and sk-ssh-ed25519-cert-v01@openssh.com to client14.md once libfido2 et al. are wired in (D32448, D32509) now be split out into a separate issue, such that we can merge what we have?

Thank you for adding the client hardening parts!

[jlduran]

LGTM with my minor copy edit suggestions

What copy edit suggestions?

---

Maybe I can add those now, that way we'll avoid the need to resubmit upstream (even if they do nothing at the moment).(done)

[koobs]

LGTM with my minor copy edit suggestions

What copy edit suggestions?

Sorry I missed this mate, screenshot of review comment:

[jlduran]

Done!

[jlduran]

Note to self: FreeBSD 12.3-RELEASE & 13.1-RELEASE, when released should use the same client14.md file, hence making this PR much simpler.