
feat(remote): add TOFU/known-hosts SSH host key verification #625

@coderabbitai

Description

Summary

The current SSH remote host implementation in the remote SSH project feature (#623) auto-accepts all server host keys without verification (i.e., no hostVerifier is supplied to ssh2 Client.connect()). This leaves connections vulnerable to Man-in-the-Middle (MITM) attacks.

Background

Raised during code review of PR #623 (review comment on #623).

The relevant code paths are:

  • server/routes/remote-hosts.js: testSshConnectivity() helper
  • server/remote/connection-manager.js: SSHConnectionManager connect() method

Proposed solution

Implement a Trust On First Use (TOFU) model with a persisted known-hosts store, similar to how the standard OpenSSH client works:

  1. First connection: accept the server's host key, hash it (SHA-256), and persist the fingerprint alongside the host record (e.g., in the remote_hosts DB table or a separate known_hosts store).
  2. Subsequent connections: compare the presented key fingerprint against the stored value; reject and surface an error to the user if there is a mismatch.
  3. UI affordance: when a host key changes, show the user a clear warning (similar to OpenSSH's WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!) and allow them to explicitly trust the new key.

Use ssh2's hostHash: 'sha256' option together with the hostVerifier callback for the implementation.
