purescript / registry-dev

Development work related to the PureScript Registry
https://github.com/purescript/registry

Migrate SSH to ssh2 library #597

Closed thomashoneyman closed 1 year ago

thomashoneyman commented 1 year ago

This PR migrates the registry away from ssh-keygen and over to the ssh2 node library as per #591. This is because mismatched ssh-keygen versions have been giving us a lot of headaches in the transfer operation and it would be nicer to be able to sign and verify data using a specific version of the ssh2 library via Spago (and anyone else who wants to sign data using the registry library).

Unfortunately, I'm not exactly sure how to handle translating the signature buffer that we receive from ssh2's sign method into a string suitable for use in a JSON payload and back; a first cut with Buffer.toString using a UTF8 encoding was no good, and I don't have time to dig in to what encoding should be used just yet.

For that reason you'll see the tests are failing. I'll need to come back and fix that part but everything else should be OK.
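The encoding problem described in the comment above, shown as an added example that is not part of the original thread or the registry code: a signature is arbitrary bytes, so a UTF-8 string round trip corrupts it, while base64 or hex survives a JSON payload intact. Node's built-in `crypto` module stands in for ssh2's sign and verify calls here, and the key pair, payload and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pair and payload, for illustration only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const PAYLOAD = JSON.stringify({ name: 'example-package', newOwners: [] });

// Sign the payload bytes; the result is a Buffer of arbitrary bytes (64 for Ed25519).
function signPayload(payload) {
  return crypto.sign(null, Buffer.from(payload, 'utf8'), privateKey);
}

// Wrap payload and signature in a JSON envelope, encoding the signature as a string.
function toEnvelope(payload, signature, encoding) {
  return JSON.stringify({ payload, signature: signature.toString(encoding) });
}

// Parse the envelope, decode the signature with the same encoding, and verify it.
function verifyEnvelope(json, encoding) {
  const { payload, signature } = JSON.parse(json);
  const sigBytes = Buffer.from(signature, encoding);
  let valid = false;
  try {
    valid = crypto.verify(null, Buffer.from(payload, 'utf8'), publicKey, sigBytes);
  } catch (err) {
    valid = false; // treat a malformed signature as a failed verification
  }
  return { sigLength: sigBytes.length, valid };
}

// Sign, serialize, parse and verify using one signature string encoding.
function roundTrip(encoding) {
  const signature = signPayload(PAYLOAD);
  return verifyEnvelope(toEnvelope(PAYLOAD, signature, encoding), encoding);
}

// utf8 replaces invalid byte sequences with U+FFFD, so the decoded bytes differ
// from what was signed; base64 and hex are lossless for any byte string.
for (const encoding of ['utf8', 'base64', 'hex']) {
  console.log(encoding, roundTrip(encoding));
}
```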

thomashoneyman commented 1 year ago

@f-f the latest commits address feedback in these steps:

  1. Explicitly mention in the SPEC that pacchettibotti is always considered an owner and trustees can act as pacchettibotti.
  2. Direct the user to use their package manager or the registry library functions to sign payloads.
  3. Remove the 'email' field from the authenticated data type.
  4. Rename the 'email' field to 'comment' in the owner data type and make it optional.