Add the strict key exchange extension

[darses]

After the Terrapin attack a two new SSH Extensions were introduced: kex-strict-c-v00@openssh.com (Client) and kex-strict-s-v00@openssh.com (Server).

This is a feature request to add these extensions to the comparison.

I will quote the OpenSSH PROTOCOL page for more information:

1.10 transport: strict key exchange extension

OpenSSH supports a number of transport-layer hardening measures under a "strict KEX" feature. This feature is signalled similarly to the RFC8308 ext-info feature: by including a additional algorithm in the initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append "kex-strict-c-v00@openssh.com" to its kex_algorithms and the server may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored if they are present in subsequent SSH2_MSG_KEXINIT packets.

[fingolfin]

I'd be happy to merge a PR adding this.

Anyone who would like to work on this should probably start by editing https://github.com/fingolfin/ssh-comparison/blob/gh-pages/_data/specs.yml

But then of course the entries for clients supporting it (presumably at least OpenSSH) should be updated to reflect that, by editing their entries in https://github.com/fingolfin/ssh-comparison/tree/gh-pages/_impls

[darses]

I am working on a PR, primarily based on the patches page on the Terrapin website.

At this moment my proposal is to add both client and server extensions, despite all implementations implementing either both or none.

Furthermore, I do not intend to list support for unreleased versions such as the support in Dropbear.

Please let me know if these are points that I need to reconsider while I draft a PR.