cloudtools / ssh-cert-authority

An implementation of an SSH certificate authority.
BSD 2-Clause "Simplified" License

Add explicit checks during cert validation and unit tests #32

Closed: mwielgoszewski closed 6 years ago

mwielgoszewski commented 6 years ago

In a commit to upstream x/crypto/ssh, the CheckCert function of the ssh.CertChecker interface no longer calls the IsUserAuthority function here.

Not calling the function we assign to IsUserAuthority here results in a security vulnerability allowing any SSH key signature (other than the requester's) to sign a certificate request. A requester may bypass m-of-n controls by generating a new key and signing their own request with that key.

This PR mitigates this vulnerability by explicitly calling the IsUserAuthority function.

bobveznat commented 6 years ago

Thank you for the find and the fix.

This was caused by the change here: https://github.com/golang/crypto/commit/7e9105388ebff089b3f99f0ef676ea55a6da3a7e

Any builds after that change was committed to golang's x/crypto package have this bug.
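
The difference between verifying a signature and verifying that the signer is an authority, as an added example that is not part of the thread or of ssh-cert-authority's code. It models the check with standard-library ed25519 keys instead of x/crypto/ssh certificates; `Request`, `key`, `sign`, `checkSignatureOnly` and `checkWithAuthority` are hypothetical names, and the keys and payload are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Request is a hypothetical stand-in for a signed certificate request.
type Request struct {
	Payload   []byte
	Requester ed25519.PublicKey
	Signer    ed25519.PublicKey
	Sig       []byte
}

// key derives a deterministic key pair from a constructed one-byte seed.
func key(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// sign builds a request for requester that carries one signer's approval.
func sign(requester ed25519.PublicKey, signer ed25519.PrivateKey) Request {
	p := []byte("cert request (constructed)")
	return Request{p, requester, signer.Public().(ed25519.PublicKey), ed25519.Sign(signer, p)}
}

// checkSignatureOnly models a checker that never consults the authority
// callback: any non-requester key with a valid signature is accepted.
func checkSignatureOnly(r Request) bool {
	return !r.Signer.Equal(r.Requester) && ed25519.Verify(r.Signer, r.Payload, r.Sig)
}

// checkWithAuthority adds the explicit call: the signer must be recognised
// by isAuthority before its signature counts as an approval.
func checkWithAuthority(r Request, isAuthority func(ed25519.PublicKey) bool) bool {
	return isAuthority(r.Signer) && checkSignatureOnly(r)
}

func main() {
	approver, approverPriv := key(1) // authorized signer
	requester, _ := key(2)
	_, freshPriv := key(3) // key unknown to the CA
	isAuthority := func(k ed25519.PublicKey) bool { return k.Equal(approver) }

	unknown, known := sign(requester, freshPriv), sign(requester, approverPriv)
	fmt.Println(checkSignatureOnly(unknown))              // passes without the check
	fmt.Println(checkWithAuthority(unknown, isAuthority)) // rejected
	fmt.Println(checkWithAuthority(known, isAuthority))   // accepted
}
```

A unit test for the real validation path would assert the same three outcomes, so that a future upstream change to which function invokes the callback fails the build.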