Add Redfish endpoint for installing SSH TrustedUserCAKeys.
This change introduces a new endpoint in the Redfish CertificateService to handle the installation of SSH TrustedUserCAKeys. The endpoint expects a PEM-encoded public key and a detached signature. Helper functions are added to parse the JSON payload, including extracting a string array. The README is updated with instructions on how to generate and test the installation of these keys.
Tested:
```
root@qtbhq20-nfd01:/tmp# curl -X POST -H "Content-Type: application/json" -d "${JSON_BODY}" http://localhost:80/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
{
"@odata.type": "#Message.v1_1_2.Message",
"Message": "Successfully installed the trusted user CA keys.",
"MessageId": "Base.1.14.Success",
"Resolution": "None",
"Severity": "OK"
}
root@qtbhq20-nfd01:/tmp# md5sum /var/google/ssh/trusted_user_ca_keys.pub
d8265fab31496e8e9d5906e427edbf3c /var/google/ssh/trusted_user_ca_keys.pub
root@qtbhq20-nfd01:/tmp# cat /var/google/ssh/trusted_users
root
```
```
$ ssh -i ~/.ssh/id_ed25519 -o CertificateFile=~/.ssh/id_ed25519-cert.pub -J root@qtbhq20-n1 -p 2022 root@qtbhq20-nfd01
[bmboot] 2025/12/05 22:55:52 9570 seconds elapsed
```
Making sure the newly signed certificate is used
```
wltu@wltu:/workspace/gBMC/gbmc/build/gbmc (google-dev)
$ mv ~/.ssh/id_ed25519-cert.pub /tmp
$ ssh -J root@qtbhq20-n1 -p 2022 root@qtbhq20-nfd01
root@qtbhq20-nfd01.prod.google.com: Permission denied (publickey).
```
PiperOrigin-RevId: 843123654
Change-Id: Ice9e9fa591c988543493e223f9fdc692e52c2897
1 file changed
